WO2019202929A1 - Sharing system - Google Patents

Info

Publication number
WO2019202929A1
Authority
WO
WIPO (PCT)
Prior art keywords
key
bullet
vehicle
key information
mobile terminal
Prior art date
Application number
PCT/JP2019/012915
Other languages
French (fr)
Japanese (ja)
Inventor
智広 土屋
雅彦 大矢
将宏 荒川
雄一 稲波
Original Assignee
株式会社東海理化電機製作所
Priority date
Filing date
Publication date
Application filed by 株式会社東海理化電機製作所
Publication of WO2019202929A1

Classifications

    • B PERFORMING OPERATIONS; TRANSPORTING
    • B60 VEHICLES IN GENERAL
    • B60R VEHICLES, VEHICLE FITTINGS, OR VEHICLE PARTS, NOT OTHERWISE PROVIDED FOR
    • B60R25/00 Fittings or systems for preventing or indicating unauthorised use or theft of vehicles
    • B60R25/20 Means to switch the anti-theft system on or off
    • B60R25/24 Means to switch the anti-theft system on or off using electronic identifiers containing a code not memorised by the user
    • E FIXED CONSTRUCTIONS
    • E05 LOCKS; KEYS; WINDOW OR DOOR FITTINGS; SAFES
    • E05B LOCKS; ACCESSORIES THEREFOR; HANDCUFFS
    • E05B49/00 Electric permutation locks; Circuits therefor; Mechanical aspects of electronic locks; Mechanical keys therefor
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q50/00 Information and communication technology [ICT] specially adapted for implementation of business processes of specific business sectors, e.g. utilities or tourism
    • G06Q50/10 Services
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04M TELEPHONIC COMMUNICATION
    • H04M11/00 Telephonic communication systems specially adapted for combination with other electrical systems
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04Q SELECTING
    • H04Q9/00 Arrangements in telecontrol or telemetry systems for selectively calling a substation from a main station, in which substation desired apparatus is selected for applying a control signal thereto or for obtaining measured values therefrom

Definitions

  • the present invention relates to a sharing system that enables a shared object to be used among a plurality of people.
  • a car sharing system in which a single vehicle (shared vehicle) is used among a plurality of people is known as a sharing system in which one share object is commonly used by a plurality of people (see Patent Documents 1 and 2).
  • car share use is registered in advance; for example, a vehicle reservation is made with a mobile terminal (a high-function mobile phone or the like), and use of the vehicle is permitted within the reservation time.
  • the vehicle is returned using the valet parking service.
  • a vehicle operation authority is given to the bullet key through communication or the like from the portable terminal, and the vehicle operation with the bullet key is permitted.
  • the usage period of the bullet key (valet key) is a time corresponding to the valid time of the operation authority preset in the mobile terminal at the time of vehicle reservation (the reservation time specified by the mobile terminal). For this reason, the valid time of the bullet key may suddenly expire during use of the valet parking service, or the bullet key may be used for a longer time than the user intends. Therefore, the vehicle cannot be safely returned by the valet parking service.
  • An object of the present invention is to provide a sharing system that enables a safe return of an object to be shared.
  • a sharing system includes a sharing device provided in a shared object, a bullet key capable of operating the shared object, and a portable terminal that has key information necessary for using the shared object and is capable of operating the shared object when authenticated through communication with the sharing device.
  • the sharing system further includes an authority granting unit that grants to the bullet key a bullet key operation authority that enables operation of the shared object using the bullet key, and a re-granting processing unit that, when the shared object is returned, newly grants to the bullet key a return bullet key operation authority different from the bullet key operation authority already registered in the portable terminal.
  • a return bullet key operation authority used only at the time of the return is newly granted to the bullet key, and the shared object is made operable with this bullet key.
  • the return bullet key operating authority to be given at this time is an exclusive authority that is used only when returning the shared object, and is therefore an authority content specialized for the return work. Therefore, it is possible to return the share object safely.
  • the reassignment processing unit may delete information in the memory of the mobile terminal when the return bullet key operation authority is granted to the bullet key when the share object is returned.
  • the portable terminal can be disabled after the share object is returned, which is further advantageous in improving the security against unauthorized use of the share object.
  • the reassignment processing unit automatically deletes the return bullet key operating authority given to the bullet key when a prescribed condition is satisfied. According to this configuration, it is possible to erase the operation authority given to the bullet key when returning the shared object, which is further advantageous in improving the security against unauthorized use of the shared object.
  • the return bullet key operation authority granted by the re-grant processing unit is an operation authority that permits use of the share object but does not permit use of the share object by the user. According to this configuration, after the operation authority is re-assigned, the user is not affected even if the share target is used. Therefore, use of the shared object that the user does not intend becomes difficult.
  • (A) is a schematic diagram showing a flow of renting a vehicle in the valet parking service
  • (b) is a state diagram of each memory at the time of vehicle reservation by another user.
  • the flowchart which shows the procedure when another user makes a reservation of vehicle use.
  • the flowchart which shows the procedure when giving the operation authority of a vehicle to a bullet key from another user's portable terminal.
  • the flowchart which shows the procedure at the time of invalidating the operation authority provided to the bullet key.
  • the vehicle 1 includes an electronic key system 4 that performs ID verification with the electronic key 2 wirelessly to execute or permit the operation of the in-vehicle device 3.
  • the electronic key system 4 is a key operation-free system that executes ID collation (smart collation) by narrow-band radio in response to communication from the vehicle 1.
  • the key operation free system automatically performs ID verification without directly operating the electronic key 2.
  • the in-vehicle device 3 includes, for example, a door lock device 5 and an engine 6.
  • the vehicle 1 includes a verification ECU (Electronic Control Unit) 9 that performs ID verification, a body ECU 10 that manages the power supply of the on-vehicle electrical components, and an engine ECU 11 that controls the engine 6. These ECUs 9 to 11 are electrically connected via a communication line 12 in the vehicle.
  • the communication line 12 is, for example, CAN (Controller Area Network) or LIN (Local Interconnect Network).
  • the vehicle 1 includes a radio wave transmitter 16 that transmits radio waves and a radio wave receiver 17 that receives radio waves.
  • the radio wave transmitter 16 includes, for example, an outdoor unit that transmits radio waves outdoors and an indoor unit that transmits radio waves indoors.
  • the radio wave transmitter 16 transmits radio waves in the LF (Low Frequency) band.
  • the radio wave receiver 17 receives radio waves in the UHF (Ultra High Frequency) band.
  • the electronic key system 4 communicates with the electronic key 2 by bidirectional communication of LF-UHF.
  • when the wake signal for activating the electronic key 2 is transmitted in the LF band from the radio wave transmitter 16 and the electronic key 2 enters the communication area of the wake signal and receives it, the electronic key 2 is activated from the standby state and executes ID verification (smart verification) through communication (smart communication) with the verification ECU 9.
  • ID verification includes, for example, electronic key ID verification for confirming whether the electronic key ID is correct, challenge response authentication using an encryption key (in this example, an electronic key unique encryption key), and the like.
  • the verification ECU 9 permits or executes the locking and unlocking of the vehicle door 13 by the body ECU 10.
  • when the collation ECU 9 confirms that ID collation with the electronic key 2 located indoors (indoor smart collation) is established, the collation ECU 9 permits the power switch operation by the engine switch 18. Accordingly, for example, when the engine switch 18 is operated in a state where the brake pedal is depressed, the engine 6 is started.
  • the vehicle 1 includes a sharing system 21 in which a single vehicle 1 (shared object 19) is shared by a plurality of people.
  • the sharing system 21 of this example registers the encrypted key information Dk from the outside (in this example, the server 22) to the mobile terminal 23, authenticates the key information Dk between the mobile terminal 23 and the sharing device 24 provided in the vehicle 1, and uses the authentication result as one condition for whether or not the vehicle 1 can be operated.
  • the key information Dk is preferably a one-time key (one-time password) that is permitted to be used only once, for example.
  • the portable terminal 23 includes a terminal control unit 27 that controls the operation of the portable terminal 23, a network communication module 28 that performs network communication, a short-range wireless module 29 that performs short-range wireless communication, and a data-rewritable memory 30. When the mobile terminal 23 acquires the key information Dk from the server 22 through network communication, the mobile terminal 23 writes and stores this key information Dk in the memory 30.
  • the near field communication is preferably, for example, Bluetooth (registered trademark).
  • the mobile terminal 23 includes a user interface application 31 that manages the operation of the sharing system 21.
  • the user interface application 31 is installed in the terminal control unit 27 by, for example, being downloaded from the server 22.
  • the terminal control unit 27 implements various processes such as a reservation procedure for the vehicle 1, user authentication, vehicle operation, operation authority assignment, and operation authority return.
  • the sharing device 24 is independent of the hardware of the electronic key system 4 of the vehicle 1 and is separately attached to the vehicle 1.
  • the sharing device 24 is positioned as an electronic key that is effective only when, for example, the vehicle 1 is reserved for use. Power is supplied to the sharing device 24 from the battery +B of the vehicle 1.
  • the sharing device 24 includes a controller 34 that controls the operation of the sharing device 24, a smart communication block 35 that performs smart communication, a short-range wireless module 36 that performs short-range wireless communication, a data-rewritable memory 37, and a timer unit 38 for managing the date and time. When the key information Dk is received from the portable terminal 23 through short-range wireless communication, the controller 34 determines whether or not the portable terminal 23 is valid by confirming whether or not the key information Dk can be correctly decrypted with the encryption key in the memory 37 (in this example, the sharing device unique encryption key).
  • the timer unit 38 is composed of, for example, a soft timer.
  • the sharing device 24 has a one-to-one relationship with the vehicle 1 by associating the sharing device ID registered therein with the vehicle ID (body number).
  • step 101 when the mobile terminal 23 makes a reservation for using the vehicle 1, the mobile terminal 23 performs user authentication with the server 22 through network communication.
  • in the user authentication, for example, login (user ID and password authentication) and a vehicle reservation procedure are performed.
  • in the vehicle reservation procedure, for example, the vehicle to be used and the date and time are input.
  • the user ID and password are input to the portable terminal 23 and transmitted to the server 22 through network communication.
  • when the server 22 receives the user ID and password from the portable terminal 23, the server 22 authenticates them and continues the process if the authentication is established, and forcibly terminates the process if the authentication is not established.
  • step 102 when the user authentication is established, the server 22 generates key information Dk and transmits it to the portable terminal 23.
  • the server 22 generates key information Dk using, for example, an encryption key (for example, a sharing device unique encryption key) of the sharing device 24 mounted on the reserved vehicle.
  • the key information Dk is a ciphertext generated by encrypting a plaintext including data elements such as “reservation date and time”, “terminal ID”, and “user authentication key” with a predetermined encryption key (for example, a sharing device-specific encryption key) using an encryption method (encryption algorithm).
  • the terminal ID is a unique ID of the mobile terminal 23.
  • the user authentication key is a kind of key used in encrypted communication between the mobile terminal 23 and the sharing device 24 when the vehicle 1 is operated with the mobile terminal 23, for example.
  • step 103 the portable terminal 23 transmits the key information Dk registered therein by the short-range wireless communication at the start of use of the reserved vehicle.
  • the key information Dk is transmitted to the sharing device 24 through, for example, BLE (Bluetooth Low Energy).
  • step 104 when the sharing device 24 receives the key information Dk from the portable terminal 23, the sharing device 24 performs an authentication operation of the key information Dk.
  • the sharing device 24 decrypts the key information Dk using an encryption key (for example, a sharing device-specific encryption key) and confirms whether or not the decryption is successful.
  • if the decryption succeeds, the key information Dk received from the portable terminal 23 is correct, so that the authentication of the key information Dk is successful.
  • the sharing device 24 can acquire “reservation date / time”, “terminal ID”, and “user authentication key” included in the key information Dk.
  • the sharing device 24 shifts to the “authentication completed state” of the key information Dk, and the key function for operating the sharing device 24 as the electronic key 2 becomes valid (the key function is on). Therefore, the sharing device 24 can execute smart communication (smart function) through the electronic key system 4. Further, the sharing device 24 writes and stores the key information Dk and the user authentication key in the memory 37 when the authentication of the key information Dk is established. On the other hand, if the authentication of the key information Dk is not established, the sharing device 24 determines that the key information Dk is incorrect and disconnects the BLE communication.
  • when the authentication of the key information Dk is established, the sharing device 24 notifies the mobile terminal 23 of the user authentication key acquired in this authentication by short-range wireless communication.
  • when the mobile terminal 23 receives the user authentication key from the sharing device 24, it registers it in the memory 30. As described above, the user authentication key is registered in both the portable terminal 23 and the sharing device 24.
  • step 201 when the portable terminal 23 moves to the authentication completion state and an operation request button (display button on the screen) is operated on the portable terminal 23, an operation request signal corresponding to the button is transmitted to the sharing device 24 by short-range wireless communication.
  • the operation request buttons include, for example, an unlock request button operated when the vehicle door 13 is unlocked, a button operated when the vehicle door 13 is locked, and a button operated when the vehicle 1 is allowed to start the engine 6.
  • the operation request signal is a signal including a command corresponding to the operated operation request button.
  • the operation request signal is transmitted after being encrypted with a user authentication key, for example.
  • step 202 when the operation request signal is received from the mobile terminal 23, the sharing device 24 performs smart communication with the verification ECU 9, and notifies the verification ECU 9 of the operation request signal received from the mobile terminal 23.
  • the sharing device 24 performs smart verification using the electronic key ID and encryption key registered in itself, and in the verification process, notifies the verification ECU 9 of the operation request signal received from the portable terminal 23.
  • step 203 when the collation ECU 9 confirms that the smart collation with the sharing device 24 is established, the collation ECU 9 executes an operation according to the operation request signal notified from the sharing device 24. Thereby, locking / unlocking of the vehicle door 13 and permission of engine start operation are performed.
  • the sharing system 21 is compatible with a valet parking service that requests parking or the like from a third party such as a valet staff.
  • the bullet key 41 is a kind of vehicle key (electronic key 2) that can operate the vehicle 1, and is used as a vehicle key lent to a third party.
  • the communication between the bullet key 41 and the vehicle 1 is not limited to Bluetooth, and may be, for example, normal smart communication. Even in this case, the communication between the bullet key 41 and the portable terminal 23 is preferably Bluetooth.
  • the bullet key 41 includes a key control unit 42 that controls the operation of the bullet key 41, an operation unit 43 that is operated when the vehicle 1 is operated by the bullet key 41, a communication module 44 that is capable of short-range wireless communication, and a data-rewritable memory 45.
  • the communication module 44 communicates with the mobile terminal 23 and the sharing device 24 through, for example, Bluetooth communication.
  • the operation unit 43 includes an unlock operation unit that is operated when the vehicle door 13 is unlocked, a lock operation unit that is operated when the vehicle door 13 is locked, an engine start permission operation unit that is operated when the engine start is permitted, and a power supply operation unit that is operated when the power of the bullet key 41 is turned on and off.
  • the sharing system 21 includes an authority grant unit 48 that grants the operation authority of the vehicle 1 from the portable terminal 23 to the bullet key 41.
  • the authority granting part 48 of this example includes a first authority granting part 48a provided in the server 22, a second authority granting part 48b provided in the mobile terminal 23, and a third authority granting part 48c provided in the bullet key 41.
  • first key information Dk1: key information for the portable terminal 23
  • second key information Dk2: key information for the bullet key 41
  • the first key information Dk1 and the second key information Dk2 are also generated and transmitted to the mobile terminal 23.
  • the second authority grant unit 48b transmits the second key information Dk2 for the bullet key 41 to the bullet key 41, and the third authority grant unit 48c registers the second key information Dk2 in the bullet key 41.
  • the first key information Dk1 includes “reservation date and time” when the vehicle 1 is used on the mobile terminal 23, “terminal ID” of the mobile terminal 23, “user authentication key” used in encrypted communication between the mobile terminal 23 and the sharing device 24, and other data elements.
  • the second key information Dk2 includes data elements such as “reservation date and time” when the vehicle 1 is used with the bullet key 41, “terminal ID” of the bullet key 41, and “user authentication key” used in encrypted communication between the sharing device 24 and the bullet key 41.
  • the sharing system 21 includes a reassignment processing unit 49 that grants a new operation authority of the vehicle 1 to the user when the vehicle 1 is returned.
  • the reassignment processor 49 includes a first reassignment processor 49a provided in the server 22, a second reassignment processor 49b provided in the mobile terminal 23, and a third reassignment processor 49c provided in the bullet key 41.
  • the reassignment processing unit 49 newly grants to the bullet key 41 a return bullet key operation authority (drop-off key information Dk3) different from the bullet key operation authority (second key information Dk2) already registered in the mobile terminal 23.
  • in FIG. 5A, it is assumed that the user who has borrowed the vehicle 1 arrives at the destination and drops off the vehicle 1. In this case, the user performs a return process by passing the vehicle 1 and the bullet key 41 to a serviceman or the like.
  • since the vehicle 1 was used by the user before arrival at the destination, the first key information Dk1 and the second key information Dk2 are already registered in the memory 52 of the server 22 and in the respective memories of the mobile terminal 23 and the sharing device 24.
  • the operation authority of the vehicle 1 is not given to the bullet key 41, and neither the first key information Dk1 nor the second key information Dk2 is written in the memory 45.
  • FIG. 6 is a flowchart showing a procedure when a legitimate user who has borrowed the vehicle 1 arrives at the destination and performs a return process of the vehicle 1 (use example shown in FIG. 5).
  • step 301 when the mobile terminal 23 performs a return operation of the vehicle 1 in a state in which the mobile terminal 23 is in communication connection with the sharing device 24, the mobile terminal 23 transmits a return notification to that effect to the sharing device 24.
  • the return operation of the vehicle 1 is preferably an operation of displaying a return button on the screen of the mobile terminal 23 and tapping this, for example.
  • step 302 when the sharing device 24 receives the return notification from the portable terminal 23, the sharing device 24 turns off the key function. That is, the key function that has been previously turned on in the sharing device 24 is switched off.
  • step 303 the sharing device 24 transmits a return response to the mobile terminal 23 when the key function is turned off.
  • step 304 the portable terminal 23 and the sharing device 24 disconnect the communication between the portable terminal 23 and the sharing device 24 after the key function is turned off. Thereafter, the sharing apparatus 24 shifts to an advertisement packet (hereinafter referred to as “advertisement”) transmission state.
  • step 305 the server 22 (first reassignment processing unit 49a) and the mobile terminal 23 (second reassignment processing unit 49b) execute the return process of the key information Dk (first key information Dk1 and second key information Dk2) registered in the mobile terminal 23.
  • Return processing of the key information Dk (first key information Dk1 and second key information Dk2) is started, for example, by connecting the mobile terminal 23 to the server 22 and transmitting a return start request from the mobile terminal 23 to the server 22.
  • step 306 when receiving the return start request from the mobile terminal 23, the server 22 (first re-granting processing unit 49a) confirms the mobile terminal 23 that has notified the return start request and, if it can be recognized as the mobile terminal 23 that is renting the vehicle, transmits a return permission to the portable terminal 23.
  • step 307 when the portable terminal 23 (second reassignment processing unit 49b) receives the return permission from the server 22, the key information Dk (first key information Dk1 and second key information Dk2) written in the memory 30 of the portable terminal 23 is deleted. That is, the first key information Dk1 and the second key information Dk2 acquired at the time of vehicle reservation are erased from the memory 30.
  • step 308 the portable terminal 23 (second reassignment processing unit 49b) inputs a drop-off rental reservation as a temporary use reservation of the vehicle 1 after the key information is returned.
  • the procedure for the drop-off rental reservation is, for example, the same processing as the user authentication performed at the time of the above-described vehicle reservation, and for example, a user ID, a password, a vehicle to be used, etc. are input.
  • the drop-off rental reservation button on the screen is tapped on the portable terminal 23.
  • step 309 the portable terminal 23 (second reassignment processing unit 49b) transmits the input data at the time of the drop-off rental reservation to the server 22.
  • the server 22 executes user authentication based on the input data at the time of the drop-off rental reservation from the mobile terminal 23.
  • the server 22 (first reassignment processing unit 49a) continues the process if the user authentication is established, and forcibly terminates the process if the user authentication is not established.
  • the server 22 (first reassignment processing unit 49a) generates the drop-off key information Dk3 necessary for permitting temporary vehicle use after the vehicle is returned.
  • the drop-off key information Dk3 is constructed from the same data elements as the first key information Dk1 and the second key information Dk2.
  • the drop-off key information Dk3 includes “use time” when the vehicle 1 is temporarily used with the bullet key 41, “terminal ID” of the bullet key 41, “user authentication key” used in encrypted communication between the sharing device 24 and the bullet key 41 (information different from that included in the second key information Dk2), and the like.
  • step 311 the server 22 (first reassignment processing unit 49 a) transmits the generated drop-off key information Dk 3 to the mobile terminal 23.
  • step 312 when the portable terminal 23 (second reassignment processing unit 49 b) receives the drop-off key information Dk 3 from the server 22, it writes and saves this drop-off key information Dk 3 in the memory 30.
  • the drop-off key information Dk3 is registered instead of the first key information Dk1 and the second key information Dk2 registered at the time of vehicle reservation.
  • FIG. 7 is a flowchart showing a procedure for giving the drop-off key information Dk3 as “return bullet key operation authority” to the bullet key 41 from the portable terminal 23.
  • the bullet key 41 starts advertisement transmission of Bluetooth communication based on, for example, operation of the operation unit 43 (operation of the power supply operation unit).
  • the operation at this time is, for example, a long press of the power supply operation unit.
  • step 402 the mobile terminal 23 and the bullet key 41 connect Bluetooth (BLE) communication.
  • step 403 the bullet key 41 (third reassignment processing unit 49c) transmits a challenge request for requesting transmission of a challenge code to the mobile terminal 23 when communication with the mobile terminal 23 is connected.
  • step 404 when receiving the challenge request from the bullet key 41, the portable terminal 23 (second reassignment processing unit 49b) transmits a challenge code used for challenge response authentication to the bullet key 41.
  • step 405 upon receiving the challenge code from the mobile terminal 23, the bullet key 41 (third reassignment processing unit 49c) generates a response code using its own encryption key. Then, the bullet key 41 (third reassignment processing unit 49 c) transmits the generated response code to the mobile terminal 23.
  • step 406 when the mobile terminal 23 (second reassignment processing unit 49b) receives the response code from the bullet key 41, the mobile terminal 23 compares it with a response code that it obtained itself through the same calculation and executes response verification. At this time, if the response code calculated by the portable terminal 23 matches the response code calculated by the bullet key 41, the response verification is established and the processing is continued. On the other hand, if these response codes do not match, the response verification is not established and the process is forcibly terminated.
  • step 407 the portable terminal 23 (second reassignment processing unit 49b) transmits the drop-off key information Dk3 generated by itself to the bullet key 41 when the response verification is established. That is, the portable terminal 23 (second re-assignment processing unit 49b) grants the drop-off key information Dk3 to the bullet key 41, thereby permitting temporary use of the vehicle 1.
  • This drop-off key information Dk3 can be used only by the bullet key 41.
  • step 408 upon receiving the drop-off key information Dk3 from the portable terminal 23, the bullet key 41 (the third reassignment processing unit 49c) writes it into the memory 45. Thereby, the bullet key 41 can be temporarily used as a vehicle key.
  • step 409 upon completion of writing the drop-off key information Dk3 to the memory 45, the bullet key 41 (third reassignment processing unit 49c) transmits a reception response to that effect to the portable terminal 23.
  • step 410 the portable terminal 23 and the bullet key 41 disconnect the communication (Bluetooth communication) connection. Thereby, the communication between the portable terminal 23 and the bullet key 41 is terminated.
  • step 411 the portable terminal 23 (second reassignment processing unit 49 b) deletes the information in the memory 30 after transmitting the drop-off key information Dk 3 to the bullet key 41. That is, all the key information Dk is erased from the memory 30 of the portable terminal 23, and the vehicle operation cannot be performed on the portable terminal 23.
  • FIG. 8 is a flowchart showing a procedure for receiving the valet parking service.
  • the sharing device 24 performs periodic advertisement transmission.
  • the transmission of advertisement is continued after the key function of the sharing device 24 is turned off.
  • step 502 the sharing device 24 and the bullet key 41 connect Bluetooth (BLE) communication.
  • step 503 the sharing device 24 transmits a key information request for requesting notification of the key information Dk to the bullet key 41.
  • step 504 upon receiving the key information request from the sharing device 24, the bullet key 41 transmits the drop-off key information Dk3 registered in the bullet key 41 and the terminal ID that is the unique ID of the bullet key 41 to the sharing device 24.
  • step 505 the sharing device 24 executes terminal ID authentication for authenticating the terminal ID of the bullet key 41 that is currently communicating.
  • the terminal ID authentication is authentication for comparing the terminal ID obtained by decrypting the drop-off key information Dk3 in the sharing device 24 with the terminal ID received directly from the bullet key 41. At this time, if the terminal ID authentication is established, the process is continued, and if the terminal ID authentication is not established, the process is forcibly terminated.
  • step 506 the sharing device 24 executes a reservation time check for confirming whether or not the reservation time notified from the bullet key 41 is valid.
  • the reservation time verification is authentication for comparing the reservation date and time obtained by decrypting the drop-off key information Dk3 in the sharing device 24 with the current time of the timer unit 38. At this time, if the reservation time collation is established, the process is continued, and if the reservation time collation is not established, the process is forcibly terminated.
  • step 507 the sharing device 24 writes the drop-off key information Dk3 to the memory 37 when both terminal ID authentication and reservation time verification are established.
  • the user authentication key calculated from the drop-off key information Dk3 is also written in the memory 37 in addition to the drop-off key information Dk3 and the terminal ID for the bullet key 41.
  • step 508 when the information writing to the memory 37 is completed, the sharing device 24 notifies the bullet key 41 of the user authentication key obtained by the calculation. Upon receiving the user authentication key from the sharing device 24, the bullet key 41 writes and stores it in the memory 45. As a result, encrypted communication using the user authentication key is possible between the sharing device 24 and the bullet key 41.
  • step 509 the bullet key 41 transmits a key-on request to the sharing device 24 after the user authentication key is written.
  • when the sharing device 24 receives a key-on request from the bullet key 41, the sharing device 24 turns on the key function. As a result, the sharing device 24 can execute smart communication (smart verification) through the electronic key system 4.
  • step 511 when the key function is turned on, the sharing device 24 transmits a key-on notification to that effect to the bullet key 41.
  • the bullet key 41 recognizes that the key function of the sharing device 24 is turned on.
  • the service person starts the engine 6 of the vehicle 1 using the bullet key 41, and parks the vehicle 1 in a predetermined position.
  • FIG. 9 is a flowchart showing a procedure for automatically deleting the drop-off key information Dk3 of the bullet key 41.
  • the bullet key 41 (third reassignment processing unit 49c) disconnects from the sharing device 24, regardless of the connection state, after a certain period of time has elapsed since the drop-off key information Dk3 was assigned to the bullet key 41.
  • step 602 the bullet key 41 (third reassignment processing unit 49c) deletes the information in the memory 45. That is, the drop-off key information Dk3 and the user authentication key written in the memory 45 of the bullet key 41 are deleted from the memory 45. As a result, the bullet key 41 cannot be used.
  • as shown in FIG. 10B, another user newly makes a reservation for the vehicle 1, so the first key information Dk1 and the second key information Dk2 are not registered in any of the memories 30, 37, 45, 52 of the server 22, the portable terminal 23, and the sharing device 24.
  • FIG. 11 is a flowchart showing a procedure when another user makes a reservation for using the vehicle 1 with his / her mobile terminal 23.
  • step 701 when the user performs a procedure for using the vehicle 1 with the mobile terminal 23, the mobile terminal 23 acquires user data input during the use procedure.
  • the use procedure as described above, for example, a user ID, a password, a use date and time of the vehicle 1 and the like are input.
  • the portable terminal 23 transmits user data acquired by the use procedure to the server 22.
  • the mobile terminal 23 also transmits the terminal ID of the mobile terminal 23 and the terminal ID of the bullet key 41 as user data.
  • step 702 when receiving the user data from the mobile terminal 23, the server 22 (first authority grant unit 48a) generates key information Dk.
  • the server 22 (first authority grant unit 48a) generates not only new first key information (hereinafter referred to as new first key information Dk1 ′) to be issued to the mobile terminal 23, but also new second key information (hereinafter referred to as new second key information Dk2 ′) to be issued to the bullet key 41.
  • the server 22 (first authority giving unit 48a) transmits the generated new first key information Dk1 'and new second key information Dk2' to the mobile terminal 23.
  • the new first key information Dk1 'and the new second key information Dk2' include different user authentication keys.
  • step 703 when the portable terminal 23 (second authority grant unit 48b) receives the new first key information Dk1 ′ and the new second key information Dk2 ′ from the server 22, the new first key information Dk1 ′ and the new second key information Dk2 ′ are written and stored in the memory 30.
  • the new first key information Dk1 'and the new second key information Dk2' are registered in the portable terminal 23 of another user.
  • FIG. 12 is a flowchart showing a procedure when the “operation authority” (new second key information Dk2 ′) of the vehicle 1 is given to the bullet key 41 from the portable terminal 23 of another user.
  • the bullet key 41 is switched to a power-on state, for example, when the operation unit 43 is operated.
  • the power-on operation is preferably an operation of the power operation unit of the bullet key 41, for example.
  • step 802 when the bullet key 41 is switched to power-on, it starts advertising transmission of Bluetooth communication.
  • step 803 the portable terminal 23 inputs a selection operation of the bullet key 41 for connecting the Bluetooth communication. That is, the connection destination of Bluetooth communication is selected in the portable terminal 23 of another user.
  • step 804 the mobile terminal 23 and the bullet key 41 connect Bluetooth (BLE) communication.
  • step 805 when communication with the mobile terminal 23 is connected, the bullet key 41 (third authority grant unit 48c) transmits a challenge request for requesting transmission of a challenge code to the mobile terminal 23.
  • step 806 when the portable terminal 23 (second authority grant unit 48 b) receives the challenge request from the bullet key 41, it transmits a challenge code used for challenge response authentication to the bullet key 41.
  • Step 807 upon receiving the challenge code from the portable terminal 23, the bullet key 41 (third authority grant unit 48c) generates a response code using its own encryption key. Then, the bullet key 41 (third authority granting unit 48 c) transmits the generated response code to the mobile terminal 23.
  • step 808 when the mobile terminal 23 (second authority grant unit 48b) receives the response code from the bullet key 41, the mobile terminal 23 executes response verification by comparing it with the response code that the mobile terminal 23 itself obtained through the same calculation. At this time, if the response code calculated by the portable terminal 23 matches the response code calculated by the bullet key 41, the response verification is established and the processing is continued. On the other hand, if these response codes do not match, the response verification is not established and the process is forcibly terminated.
  • Step 809 when the response verification is established, the mobile terminal 23 (second authority grant unit 48b) transmits the new second key information Dk2 ′ for the bullet key 41 registered in itself to the bullet key 41. That is, the portable terminal 23 (second authority granting unit 48b) gives the second key information Dk2 ′ (valet key operation authority) for operating the vehicle 1 with the bullet key 41 to the bullet key 41.
  • the new second key information Dk2 ' can be used only with the bullet key 41.
  • step 810 upon receiving the new second key information Dk2 'from the mobile terminal 23, the bullet key 41 (third authority grant unit 48c) writes the new second key information Dk2' in the memory 45. Thereby, the bullet key 41 can be used as a vehicle key.
  • Step 811 the mobile terminal 23 (second authority grant unit 48 b) sets the mobile terminal 23 of another user to the bullet key valid mode.
  • when the mobile terminal 23 enters the bullet key valid mode, the mobile terminal 23 is in an “unusable” state where it cannot be used as a vehicle key.
  • step 812 the mobile terminal 23 and the bullet key 41 disconnect the communication (Bluetooth communication). Thereby, the communication between the portable terminal 23 and the bullet key 41 is terminated. Then, the service person starts the engine 6 of the vehicle 1 using the bullet key 41 and dispatches the vehicle 1 to a predetermined position. Note that the operation for operating the vehicle 1 with the bullet key 41 is the same as the step 401 to the step 411 in FIG.
  • FIG. 13 is a flowchart showing a procedure for invalidating the “operation authority” (new second key information Dk2 ′) given to the bullet key 41 from the portable terminal 23.
  • steps 901 to 904 are the same processing as steps 801 to 804 described above (see FIG. 12), and thus description thereof is omitted.
  • step 905 when the user performs an operation of invalidating the operation authority of the bullet key 41 on the mobile terminal 23, the mobile terminal 23 (second authority granting unit 48b) inputs this operation authority invalidation request.
  • the invalidation operation of the operation authority of the bullet key 41 is preferably an aspect in which, for example, an invalidation request button is displayed on the screen of the mobile terminal 23 and this button is selected and operated.
  • step 906 the portable terminal 23 (second authority grant unit 48 b) transmits a challenge code when an operation for invalidating the operation authority is performed on the portable terminal 23.
  • step 907 upon receiving the challenge code from the mobile terminal 23, the bullet key 41 (third authority granting unit 48c) generates a response code using its own encryption key. Then, the bullet key 41 (third authority granting unit 48 c) transmits the generated response code to the mobile terminal 23.
  • step 908 when the portable terminal 23 (second authority grant unit 48b) receives the response code from the bullet key 41, the portable terminal 23 executes response verification by comparing it with the response code that the portable terminal 23 itself obtained through the same calculation. At this time, if the response code calculated by the portable terminal 23 matches the response code calculated by the bullet key 41, the response verification is established and the processing is continued. On the other hand, if these response codes do not match, the response verification is not established and the process is forcibly terminated.
  • step 909 when the response verification is established, the mobile terminal 23 (second authority grant unit 48 b) transmits an invalidation request for invalidating the operation authority given to the bullet key 41.
  • step 511 upon receiving the invalidation request from the mobile terminal 23, the bullet key 41 (third authority grant unit 48c) invalidates the operation authority of the vehicle 1.
  • the new second key information Dk2 '(user authentication key) written in the memory 45 of the bullet key 41 is deleted. As a result, the vehicle 1 cannot be operated with the bullet key 41.
  • step 911 the mobile terminal 23 and the bullet key 41 disconnect the communication (Bluetooth communication). Thereby, the communication between the portable terminal 23 and the bullet key 41 is terminated.
  • FIG. 14 is a flowchart illustrating a procedure when user authentication is performed between the mobile terminal 23 and the sharing device 24. This is a procedure performed when another user uses the vehicle 1 with his / her mobile terminal 23.
  • step 1001 the portable terminal 23 and the sharing device 24 connect Bluetooth (BLE) communication.
  • step 1002 the sharing apparatus 24 transmits a key information request for requesting the bullet key 41 to notify the key information Dk.
  • when the mobile terminal 23 receives the key information request from the sharing device 24, the mobile terminal 23 transmits the new first key information Dk1 ′ registered in the mobile terminal 23 and the terminal ID that is the unique ID of the mobile terminal 23 to the sharing device 24.
  • step 1004 the sharing device 24 executes terminal ID authentication for authenticating the terminal ID of the mobile terminal 23 that is currently communicating.
  • the terminal ID authentication is an authentication for comparing the terminal ID obtained by decrypting the new first key information Dk1 ′ in the sharing device 24 with the terminal ID received directly from the mobile terminal 23. At this time, if the terminal ID authentication is established, the process is continued, and if the terminal ID authentication is not established, the process is forcibly terminated.
  • step 1005 the sharing apparatus 24 executes a reservation time check for confirming whether or not the reservation time notified from the mobile terminal 23 is valid.
  • the reservation time collation is authentication for comparing the reservation date and time obtained by decrypting the new first key information Dk1 'in the sharing device 24 with the current time of the timer unit 38. At this time, if the reservation time collation is established, the process is continued, and if the reservation time collation is not established, the process is forcibly terminated.
  • step 1006 the sharing device 24 writes the new first key information Dk1 'to the memory 37 when both terminal ID authentication and reservation time verification are established.
  • the user authentication key calculated from the new first key information Dk1 ′ is also written in the memory 37.
  • the same processing as in the above-described steps 508 to 511 is executed, and the key function of the sharing device 24 is turned on.
  • the mobile terminal 23 of another user can be used as a vehicle key.
  • a return bullet key operating authority (drop-off key information Dk3) used only at the time of the return is newly assigned to the bullet key 41, and the vehicle 1 can then be operated with the bullet key 41.
  • the return bullet key operation authority (drop-off key information Dk3) to be given at this time is a dedicated authority used only when the vehicle 1 is returned, and is therefore an authority content specialized for return work. Therefore, the vehicle 1 can be safely returned using the valet parking service.
  • the reassignment processing unit 49 deletes the information in the memory 30 of the portable terminal 23 when the return bullet key operating authority (the drop-off key information Dk3) is granted to the bullet key 41 when the vehicle 1 is returned. Therefore, since the portable terminal 23 can be disabled after the vehicle 1 is returned, it is further advantageous in improving security against unauthorized use of the vehicle 1.
  • the re-assignment processing unit 49 automatically erases the drop-off key information Dk3 assigned to the bullet key 41 when a prescribed condition is satisfied (for example, a certain time has elapsed). Therefore, it is possible to delete the drop-off key information Dk3 assigned to the bullet key 41 when the vehicle 1 is returned, which is further advantageous in improving the security against unauthorized use of the vehicle 1.
  • although the return bullet key operation authority (drop-off key information Dk3) granted by the reassignment processing unit 49 permits use of the vehicle 1, it is an operation authority under which that use is not regarded as use of the vehicle 1 by the user.
  • the return bullet key operation authority (drop-off key information Dk3) granted by the re-assignment processing unit 49 is an operation authority that is not charged when using the vehicle 1.
  • after the return bullet key operation authority (drop-off key information Dk3) is re-assigned, the user is not affected even if the vehicle 1 is used. Therefore, use of the vehicle 1 that the user does not intend becomes less likely.
  • the operation authority is key information Dk used in authentication between the portable terminal 23 and the sharing device 24, and this key information Dk is a one-time key that can be used only once. Therefore, the situation in which the key information Dk is illegally used and the vehicle 1 is operated is less likely to occur, which is advantageous in improving security against unauthorized use.
  • the authority grant unit 48 allows the authorized user to use the bullet key 41 during normal use by providing the bullet key 41 with the second key information Dk2 for the bullet key 41 acquired when the vehicle 1 is reserved for use. Thereby, when the vehicle 1 is returned, it is sufficient to update the second key information Dk2 for the bullet key 41, registered in the portable terminal 23 during the reservation procedure of the vehicle 1, to the drop-off key information Dk3. Therefore, the operation imposed on the user when the vehicle 1 is returned can be simplified.
  • this embodiment can be implemented with the following modifications.
  • the present embodiment and the following modifications can be implemented in combination with each other within a technically consistent range.
  • the operation authority given initially and the operation authority given at the time of return of the vehicle 1 are not limited to being a one-time key (key information Dk). These may be different types of information.
  • the content included in the drop-off key information Dk3 may be information different from the content included in the key information Dk at the start of use.
  • the start of writing the drop-off key information Dk3 to the bullet key 41 is not limited to a long press of the power operation unit, and may be changed to other modes such as an operation using the operation unit 43 other than the power operation unit.
  • the re-granted operation authority may be registered in the bullet key 41 in a manner different from the operation authority given to the mobile terminal 23 at the start of use.
  • the erasure of the drop-off key information Dk3 is not limited to the condition that a certain time has elapsed. For example, you may change into other parameters, such as use frequency and time.
  • the sharing device 24 may be retrofitted to the vehicle 1 or may be pre-assembled to the vehicle 1.
  • the sharing device 24 may be integrated with the verification ECU 9, and these may be one unit part.
  • the mounting location of the sharing device 24 is not particularly limited.
  • the reservation procedure for the vehicle 1 is not limited to being performed by the mobile terminal 23 but may be performed by the bullet key 41, for example.
  • the reservation procedure for the vehicle 1 may be performed using only the bullet key 41, for example, without passing through the portable terminal 23.
  • authentication of the portable terminal 23 and the sharing apparatus 24 is not limited to authentication of the key information Dk, and can be changed to another method.
  • the operation authority is not limited to the method of giving the key information Dk to the other party, and may be changed to another method such as a method of giving a use permission command.
  • short-range wireless communication is not limited to Bluetooth communication, but can be changed to another communication method.
  • the key information Dk is not limited to a one-time key, and may be information that is restricted in use.
  • the content included in the key information Dk can be changed to a mode other than the embodiment.
  • the key information Dk is not limited to being generated by the server 22, and may be anywhere as long as it is external.
  • the encryption key used for encryption communication may be any key among, for example, a sharing device unique encryption key, a user authentication key, and an electronic key unique encryption key. For example, switching the encryption key used during the process is advantageous in improving the security of communication. Further, the encryption key to be used is not limited to the above-described key, and may be changed to various types.
  • the mobile terminal 23 is not limited to a high-function mobile phone, and can be changed to various terminals.
  • the portable terminal 23 and the sharing device 24 may acquire the user authentication key by any procedure or method.
  • the key function can be switched on under any condition.
  • the authority grant unit 48 and the re-grant processing unit 49 are not limited to those functionally generated by the user interface application 31, but may be generated by other methods or may be constructed from hardware elements.
  • the operation-free electronic key system 4 is not limited to a system that performs smart verification while arranging transmitters inside and outside the vehicle and determining the inside / outside position of the electronic key 2.
  • a system may be used in which antennas (LF antennas) are arranged on the left and right sides of the vehicle body, and the position of the electronic key 2 inside and outside the vehicle is determined by checking the combination of responses of the electronic key 2 to radio waves transmitted from these antennas.
  • the ID verification imposed on the electronic key system 4 is not limited to verification including challenge response authentication, and may be any authentication or verification as long as at least electronic key ID verification is performed.
  • the electronic key system 4 may be, for example, a wireless key system that performs ID collation triggered by communication from the electronic key 2.
  • the electronic key 2 is not limited to a smart key (registered trademark), and may be a wireless key.
  • the verification ECU 9 and the sharing device 24 are not limited to a wireless communication method, and may be connected by wire, for example. In this case, various commands are transmitted from the sharing device 24 to the verification ECU 9 via a wire. Even in this case, the verification ECU 9 can be operated by a command from the sharing device 24.
  • the sharing device 24 is not limited to the configuration using the electronic key system when operating the share object 19. In this case, the sharing device 24 directly sends a command to a controller (CPU) that controls the operation of the share object 19 to operate the share object 19. In this configuration, the key function of the sharing device 24 can be omitted.
  • the sharing system 21 is not limited to being applied to the vehicle 1, but may be applied to other devices and devices such as a house (sharing house), a shared delivery box, and a coin parking. Therefore, the share target 19 is not limited to the vehicle 1 and can be changed to another target.
  • a sharing method comprising: importing key information necessary for using a shared object into a mobile terminal; authenticating the portable terminal through communication with a sharing device provided in the shared object, and enabling the shared object to be operated by the portable terminal when the portable terminal is authenticated; granting to the bullet key the authority to operate the shared object with the bullet key; and, when returning the shared object, newly giving to the bullet key a return bullet key operation authority different from the bullet key operation authority already registered in the mobile terminal.
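
The return flow of FIG. 7 to FIG. 9 (challenge-response before the grant, terminal ID authentication, reservation time check, one-time use, and timed erasure on the bullet key), as an added Python example that is not part of the patent text. Assumptions: HMAC-SHA256 stands in for the unspecified response calculation, the key information is modelled as MAC-protected JSON carrying a nonce instead of the encrypted data that the sharing device decrypts in the text, and every class, field, ID and secret below is constructed for the example.

```python
import hashlib
import hmac
import json
import secrets

BULLET_KEY_SECRET = b"constructed-bullet-key-secret"    # constructed; terminal + bullet key
SHARING_DEVICE_KEY = b"constructed-sharing-device-key"  # constructed; issuer + sharing device


def response_code(secret: bytes, challenge: bytes) -> bytes:
    """Both sides run this same calculation over the challenge code."""
    return hmac.new(secret, challenge, hashlib.sha256).digest()


def seal_key_info(terminal_id: str, start: int, end: int) -> bytes:
    """Issue key information bound to one terminal ID and one validity window."""
    body = json.dumps({"tid": terminal_id, "start": start, "end": end,
                       "nonce": secrets.token_hex(8)}, sort_keys=True).encode()
    tag = hmac.new(SHARING_DEVICE_KEY, body, hashlib.sha256).hexdigest().encode()
    return body + b"." + tag


class BulletKey:
    def __init__(self, terminal_id: str, secret: bytes):
        self.terminal_id = terminal_id
        self._secret = secret
        self.memory = {}                     # stands in for memory 45

    def respond(self, challenge: bytes) -> bytes:
        return response_code(self._secret, challenge)

    def store(self, key_info: bytes, now: int) -> None:
        self.memory = {"key_info": key_info, "granted_at": now}

    def expire(self, now: int, lifetime: int) -> bool:
        """FIG. 9: wipe the grant once a fixed period has passed since it was given."""
        granted = self.memory.get("granted_at")
        if granted is not None and now - granted >= lifetime:
            self.memory.clear()
            return True
        return False


class Terminal:
    def __init__(self, secret: bytes, memory: dict):
        self._secret = secret
        self.memory = dict(memory)           # stands in for memory 30

    def hand_over(self, key: BulletKey, key_info: bytes, now: int) -> bool:
        challenge = secrets.token_bytes(16)  # fresh per attempt: old responses are useless
        expected = response_code(self._secret, challenge)
        if not hmac.compare_digest(key.respond(challenge), expected):
            return False                     # forcibly terminated; nothing is transmitted
        key.store(key_info, now)
        self.memory.clear()                  # step 411: terminal can no longer act as a key
        return True


class SharingDevice:
    def __init__(self, key: bytes):
        self._key = key
        self._used = set()                   # nonces already accepted (one-time key)
        self.memory = {}                     # stands in for memory 37

    def accept(self, key_info: bytes, presented_tid: str, now: int) -> str:
        body, _, tag = key_info.rpartition(b".")
        expected = hmac.new(self._key, body, hashlib.sha256).hexdigest().encode()
        if not hmac.compare_digest(tag, expected):
            return "bad-mac"                 # altered or forged key information
        info = json.loads(body)
        if not hmac.compare_digest(info["tid"].encode(), presented_tid.encode()):
            return "terminal-id-mismatch"    # step 505
        if not info["start"] <= now <= info["end"]:
            return "outside-window"          # step 506
        if info["nonce"] in self._used:
            return "replayed"
        self._used.add(info["nonce"])
        auth_key = hmac.new(self._key, b"user-auth|" + body, hashlib.sha256).digest()
        self.memory = {"key_info": key_info, "tid": presented_tid, "auth_key": auth_key}
        return "ok"                          # step 507: both checks held, state written


def demo() -> dict:
    now = 1_700_000_000                      # constructed clock value
    valet = BulletKey("BK-0041", BULLET_KEY_SECRET)
    phone = Terminal(BULLET_KEY_SECRET, {"Dk1": b"constructed", "Dk2": b"constructed"})
    dk3 = seal_key_info(valet.terminal_id, now, now + 1800)
    car = SharingDevice(SHARING_DEVICE_KEY)
    stretched = dk3.replace(str(now + 1800).encode(), str(now + 999_999).encode())
    return {
        "impostor": phone.hand_over(BulletKey("BK-0041", b"constructed-wrong"), dk3, now),
        "valet": phone.hand_over(valet, dk3, now),
        "stretched": car.accept(stretched, valet.terminal_id, now + 60),
        "wrong_id": car.accept(dk3, "BK-9999", now + 60),
        "first_use": car.accept(dk3, valet.terminal_id, now + 60),
        "second_use": car.accept(dk3, valet.terminal_id, now + 120),
        "expired": valet.expire(now + 1800, 1800),
    }
```

`demo()` returns the outcome of each step: only the unaltered Dk3, presented with the matching terminal ID inside its validity window, is accepted, and only once.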

Landscapes

  • Engineering & Computer Science (AREA)
  • Business, Economics & Management (AREA)
  • Tourism & Hospitality (AREA)
  • General Business, Economics & Management (AREA)
  • Health & Medical Sciences (AREA)
  • Human Resources & Organizations (AREA)
  • Marketing (AREA)
  • Primary Health Care (AREA)
  • Strategic Management (AREA)
  • Physics & Mathematics (AREA)
  • Economics (AREA)
  • General Physics & Mathematics (AREA)
  • General Health & Medical Sciences (AREA)
  • Theoretical Computer Science (AREA)
  • Mechanical Engineering (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Lock And Its Accessories (AREA)
  • Selective Calling Equipment (AREA)
  • Telephonic Communication Services (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

A sharing system (21) is provided with: a right addition unit (48 (48a-48c)) for adding, to a valet key (41), a valet key operation right (Dk2) for enabling the operation by the valet key (41) of a to-be-shared object (19); and a re-addition processing unit (49 (49a-49c)) that, when the object (19) being shared is returned, adds a new valet key operation right (Dk3) for return, which is separate from the valet key operation right (Dk2) already registered in a portable terminal (23), to the valet key (41).

Description

シェアリングシステムSharing system
 本発明は、シェア対象物を複数人の間で使用可能にするシェアリングシステムに関する。 The present invention relates to a sharing system that enables a shared object to be used among a plurality of people.
 従来、1つのシェア対象物を複数人で共通使用するシェアリングシステムとして、1台の車両(シェア車両)を複数人の間で使用するカーシェアリングシステムが周知である(特許文献1,2等参照)。この種のカーシェアリングシステムでは、例えばカーシェア使用の登録を予め行っておき、例えば携帯端末(高機能携帯電話等)で車両予約を行った上で、予約時間内において車両の使用が許可される。 Conventionally, a car sharing system in which a single vehicle (shared vehicle) is used among a plurality of people is known as a sharing system in which one share object is commonly used by a plurality of people (see Patent Documents 1 and 2). ). In this type of car sharing system, for example, car share use is registered in advance, for example, a vehicle reservation is made with a mobile terminal (high function mobile phone or the like), and use of the vehicle is permitted within the reservation time. .
特開2016-115077号公報JP 2016-115077 A 特開2016-71834号公報JP 2016-71834 A
 ところで、この種のカーシェアシステムにおいて、バレットパーキングサービスを使用して車両返却することも想定される。このとき、例えば携帯端末から通信等を通じてバレットキーに車両の操作権限を付与し、バレットキーでの車両操作を許可することになる。しかし、この場合、バレットキーの使用期間は、車両予約時に携帯端末に予め設定した操作権限の有効時間(携帯端末で指定した予約時間)に応じた時間になってしまう。このため、バレットパーキングサービスの利用の途中で急にバレットキーの有効時間が切れたり、バレットキーをユーザが意図しないほど長く使用できたりしてしまう可能性がある。よって、バレットパーキングサービスで車両返却を安全に行うことができない。 By the way, in this kind of car sharing system, it is assumed that the vehicle is returned using the valet parking service. At this time, for example, a vehicle operation authority is given to the bullet key through communication or the like from the portable terminal, and the vehicle operation with the bullet key is permitted. However, in this case, the usage period of the valet key is a time corresponding to the valid time of the operation authority preset in the mobile terminal at the time of vehicle reservation (the reservation time specified by the mobile terminal). For this reason, there is a possibility that the valid time of the bullet key may suddenly expire during the use of the bullet parking service, or the bullet key may be used for a longer time than the user intends. Therefore, the vehicle cannot be safely returned by the valet parking service.
 本発明の目的は、シェア対象物の安全な返却を可能にしたシェアリングシステムを提供することにある。 An object of the present invention is to provide a sharing system that enables a safe return of an object to be shared.
 一実施形態のシェアリングシステムは、シェア対象物に設けられたシェアリング装置と、前記シェア対象物を操作可能なバレットキーと、前記シェア対象物の使用に必要な鍵情報を取り込み、前記シェアリング装置との通信を通じて認証された場合に前記シェア対象物を操作可能となる携帯端末とを備える。前記シェアリングシステムはさらに、前記バレットキーによる前記シェア対象物の操作を可能にするバレットキー操作権限を前記バレットキーに付与する権限付与部と、前記シェア対象物を返却する場合に、前記携帯端末に既に登録されている前記バレットキー操作権限とは別の返却用バレットキー操作権限を前記バレットキーに新たに付与する再付与処理部とを備える。 A sharing system according to an embodiment includes a sharing device provided in a shared object, a bullet key capable of operating the shared object, and key information necessary for using the shared object, and the sharing And a portable terminal capable of operating the share target object when authenticated through communication with the apparatus. The sharing system further includes an authority granting unit that grants the bullet key operating authority to the bullet key that enables the manipulation of the share object using the bullet key, and the portable terminal when the share object is returned. A re-granting processing unit for newly granting a return bullet key operation authority different from the previously-registered bullet key operation authority to the bullet key.
According to this configuration, when a shared object is returned using the valet key, a return valet key operation authority, used only at the time of return, is newly granted to the valet key so that the shared object can be operated with this valet key. Because the return valet key operation authority granted at this time is a dedicated authority used only when returning the shared object, its content is specialized for the return work. The shared object can therefore be returned safely.
In the sharing system, it is preferable that the reassignment processing unit delete the information in the memory of the mobile terminal when the return valet key operation authority has been granted to the valet key at the time of returning the shared object. With this configuration, the mobile terminal can be made unusable after the shared object is returned, which is further advantageous for improving security against unauthorized use of the shared object.
In the sharing system, it is preferable that the reassignment processing unit automatically erase the return valet key operation authority granted to the valet key when a prescribed condition is satisfied. With this configuration, the operation authority granted to the valet key at the time of returning the shared object can be erased, which is further advantageous for improving security against unauthorized use of the shared object.
In the sharing system, the return valet key operation authority granted by the reassignment processing unit is an operation authority that permits use of the shared object but is not regarded as use of the shared object by the user. With this configuration, once the operation authority has been re-granted, use of the shared object does not affect the user. Use of the shared object that the user did not intend is therefore less likely to occur.
According to the present invention, a shared object can be returned safely.
FIG. 1 is a block diagram of a sharing system according to one embodiment.
FIG. 2 is an explanatory diagram showing the procedure of user authentication.
FIG. 3 is an explanatory diagram showing the procedure of vehicle operation by the mobile terminal.
FIG. 4 is an explanatory diagram showing the procedure for granting operation authority to the valet key.
FIG. 5(a) is a schematic diagram showing the flow of returning a vehicle through the valet parking service, and FIG. 5(b) is a diagram of the state of each memory on arrival at the destination.
FIG. 6 is a flowchart showing the procedure of the vehicle return process.
FIG. 7 is a flowchart showing the procedure for granting drop-off key information to the valet key 41.
FIG. 8 is a flowchart showing the procedure for receiving the valet parking service.
FIG. 9 is a flowchart showing the procedure for automatically erasing the drop-off key information 3 of the valet key.
FIG. 10(a) is a schematic diagram showing the flow of renting out a vehicle through the valet parking service, and FIG. 10(b) is a diagram of the state of each memory when another user reserves the vehicle.
FIG. 11 is a flowchart showing the procedure when another user reserves use of the vehicle.
FIG. 12 is a flowchart showing the procedure for granting vehicle operation authority to the valet key from another user's mobile terminal.
FIG. 13 is a flowchart showing the procedure for invalidating the operation authority granted to the valet key.
FIG. 14 is a flowchart showing the procedure of user authentication by another user.
Hereinafter, an embodiment of a sharing system will be described with reference to FIGS. 1 to 14.
As shown in FIG. 1, the vehicle 1 includes an electronic key system 4 that performs ID verification wirelessly with the electronic key 2 and executes or permits operation of the in-vehicle device 3. The electronic key system 4 is a key-operation-free system that executes ID verification (smart verification) by short-range radio, triggered by communication from the vehicle 1. In the key-operation-free system, ID verification is performed automatically without the electronic key 2 being operated directly. The in-vehicle device 3 includes, for example, a door lock device 5 and an engine 6.
The vehicle 1 includes a verification ECU (Electronic Control Unit) 9 that performs ID verification, a body ECU 10 that manages the power supply of on-board electrical components, and an engine ECU 11 that controls the engine 6. These ECUs 9 to 11 are electrically connected via a communication line 12 in the vehicle. The communication line 12 is, for example, a CAN (Controller Area Network) or a LIN (Local Interconnect Network). The electronic key ID of the electronic key 2 registered to the vehicle 1 and an electronic-key-unique encryption key used for authentication in ID verification are registered in the respective memories (not shown) of the verification ECU 9 and the electronic key 2. The body ECU 10 controls the door lock device 5, which switches the vehicle door 13 between locked and unlocked.
The vehicle 1 includes a radio wave transmitter 16 that transmits radio waves and a radio wave receiver 17 that receives radio waves. Although not shown, the radio wave transmitter 16 includes, for example, one transmitter for sending radio waves outside the vehicle cabin and one for sending radio waves inside the cabin. The radio wave transmitter 16 transmits radio waves in the LF (Low Frequency) band. The radio wave receiver 17 receives radio waves in the UHF (Ultra High Frequency) band. The electronic key system 4 communicates with the electronic key 2 by LF-UHF bidirectional communication.
While a wake signal for activating the electronic key 2 is being transmitted in the LF band from the radio wave transmitter 16, the electronic key 2, on entering the communication area of the wake signal and receiving it, starts up from the standby state and executes ID verification (smart verification) through communication (smart communication) with the verification ECU 9. Smart verification includes, for example, electronic key ID verification, which confirms whether the electronic key ID is correct, and challenge-response authentication using an encryption key (in this example, the electronic-key-unique encryption key). When the verification ECU 9 confirms that ID verification with the electronic key 2 outside the cabin (outdoor smart verification) is established, it permits or executes locking and unlocking of the vehicle door 13 by the body ECU 10.
When the verification ECU 9 confirms that ID verification with the electronic key 2 inside the cabin (indoor smart verification) is established, it permits the power transition operation by the engine switch 18. As a result, for example, when the engine switch 18 is operated while the brake pedal is depressed, the engine 6 is started.
The vehicle 1 is provided with a sharing system 21 in which one vehicle 1 (shared object 19) is shared by a plurality of people. The sharing system 21 of this example registers encrypted key information Dk in the mobile terminal 23 from outside (the server 22 in this example), executes authentication of the key information Dk between the mobile terminal 23 and a sharing device 24 provided in the vehicle 1, and uses the authentication result as one condition for whether the vehicle 1 can be operated. The key information Dk is preferably, for example, a one-time key (one-time password) that is permitted to be used only once.
The mobile terminal 23 includes a terminal control unit 27 that controls the operation of the mobile terminal 23, a network communication module 28 that performs network communication, a short-range wireless module 29 that performs short-range wireless communication, and a rewritable memory 30. When the mobile terminal 23 acquires the key information Dk from the server 22 through network communication, it writes and stores the key information Dk in the memory 30. The short-range wireless communication is preferably, for example, Bluetooth (registered trademark).
The mobile terminal 23 includes a user interface application 31 that manages the operation of the sharing system 21. The user interface application 31 is installed in the terminal control unit 27 by, for example, being downloaded from the server 22. By executing the user interface application 31, the terminal control unit 27 implements various processes such as the reservation procedure for the vehicle 1, user authentication, vehicle operation, granting of operation authority, and return of operation authority.
The sharing device 24 is independent of the hardware of the electronic key system 4 of the vehicle 1 and is attached to the vehicle 1 separately. The sharing device 24 is positioned as an electronic key that becomes valid only, for example, during the reserved use time of the vehicle 1. Power is supplied to the sharing device 24 from the battery +B of the vehicle 1.
The sharing device 24 includes a controller 34 that controls the operation of the sharing device 24, a smart communication block 35 that performs smart communication, a short-range wireless module 36 that performs short-range wireless communication, a rewritable memory 37, and a timer unit 38 that manages the date and time. When the controller 34 receives the key information Dk from the mobile terminal 23 through short-range wireless communication, it determines whether the mobile terminal 23 is legitimate by checking whether the key information Dk can be decrypted correctly with the encryption key in the memory 37 (in this example, the sharing-device-unique encryption key). The timer unit 38 is, for example, a software timer. The sharing device 24 has a one-to-one relationship with the vehicle 1 because the sharing device ID registered in it is linked to the vehicle ID (vehicle body number).
As shown in FIG. 2, in step 101, when a reservation to use the vehicle 1 is made with the mobile terminal 23, the mobile terminal 23 executes user authentication with the server 22 through network communication. In the user authentication of this example, for example, login (authentication of a user ID and password) and a vehicle reservation procedure are performed. In the vehicle reservation procedure, for example, the vehicle to be used and the date and time are entered. The user ID and password are entered on the mobile terminal 23 and transmitted to the server 22 through network communication. When the server 22 receives the user ID and password from the mobile terminal 23, it authenticates them, continues the process if authentication is established, and forcibly terminates the process if authentication is not established.
In step 102, when user authentication is established, the server 22 generates key information Dk and transmits it to the mobile terminal 23. In this example, the server 22 generates the key information Dk using, for example, the encryption key of the sharing device 24 mounted on the reserved vehicle (for example, the sharing-device-unique encryption key). The key information Dk of this example is ciphertext generated by taking plaintext that contains data elements such as "reservation date and time", "terminal ID", and "user authentication key" and encrypting it with an encryption method (encryption algorithm) using a predetermined encryption key (for example, the sharing-device-unique encryption key). The terminal ID is the unique ID of the mobile terminal 23. The user authentication key is a kind of key used in encrypted communication between the mobile terminal 23 and the sharing device 24 when, for example, the vehicle 1 is operated with the mobile terminal 23.
In step 103, at the start of use of the reserved vehicle, the mobile terminal 23 transmits the key information Dk registered in it by short-range wireless communication. The key information Dk is transmitted to the sharing device 24 through, for example, BLE (Bluetooth Low Energy).
In step 104, when the sharing device 24 receives the key information Dk from the mobile terminal 23, it executes authentication of the key information Dk. In this example, the sharing device 24 decrypts the key information Dk using an encryption key (for example, the sharing-device-unique encryption key) and checks whether the decryption succeeded. If decryption of the key information Dk succeeds, the key information Dk received from the mobile terminal 23 is correct, so authentication of the key information Dk succeeds. When authentication of the key information Dk succeeds, the sharing device 24 can obtain the "reservation date and time", "terminal ID", and "user authentication key" contained in the key information Dk.
When authentication of the key information Dk is established, the sharing device 24 shifts to an "authentication completed state" for the key information Dk, and the key function that makes the sharing device 24 operate as the electronic key 2 becomes valid (key function on). The sharing device 24 can therefore execute smart communication (the smart function) through the electronic key system 4. In addition, when authentication of the key information Dk is established, the sharing device 24 writes and stores the key information Dk and the user authentication key in the memory 37. If authentication of the key information Dk is not established, the sharing device 24 treats the key information Dk as incorrect and disconnects the BLE communication.
When authentication of the key information Dk is established, the sharing device 24 notifies the mobile terminal 23, by short-range wireless communication, of the user authentication key obtained in this authentication. When the mobile terminal 23 receives the user authentication key from the sharing device 24, it registers the key in the memory 30. The user authentication key is thus registered in both the mobile terminal 23 and the sharing device 24.
As shown in FIG. 3, in step 201, after the shift to the authentication completed state, when an operation request button (a button displayed on the screen) is operated on the mobile terminal 23, the mobile terminal 23 transmits an operation request signal corresponding to that button to the sharing device 24 by short-range wireless communication. The operation request buttons include, for example, an unlock request button operated to unlock the vehicle door 13, a lock request button operated to lock the vehicle door 13, and an engine start request button operated to have the vehicle 1 permit starting of the engine 6. The operation request signal is a signal containing a command corresponding to the operation request button that was operated. The operation request signal is transmitted, for example, encrypted with the user authentication key.
In step 202, when the sharing device 24 receives the operation request signal from the mobile terminal 23, it executes smart communication with the verification ECU 9 and notifies the verification ECU 9 of the operation request signal received from the mobile terminal 23. In this example, the sharing device 24 executes smart verification using the electronic key ID and encryption key registered in it and, in the course of that verification, notifies the verification ECU 9 of the operation request signal received from the mobile terminal 23.
In step 203, when the verification ECU 9 confirms that smart verification with the sharing device 24 is established, it executes the operation corresponding to the operation request signal notified by the sharing device 24. As a result, locking or unlocking of the vehicle door 13, permission of the engine start operation, and the like are executed.
As shown in FIG. 4, the sharing system 21 supports a valet parking service in which parking or the like is entrusted to a third party such as a valet attendant. In this example, when the vehicle 1 is lent to a third party, the valet key 41 is handed to the third party, such as a valet attendant, and the vehicle 1 is lent. The valet key 41 is a kind of vehicle key (electronic key 2) that can operate the vehicle 1 and is used as a vehicle key lent to a third party. Communication between the valet key 41 and the vehicle 1 is not limited to Bluetooth and may be, for example, ordinary smart communication. Even in that case, communication between the valet key 41 and the mobile terminal 23 is preferably Bluetooth.
The valet key 41 includes a key control unit 42 that controls the operation of the valet key 41, an operation unit 43 that is operated when the vehicle 1 is operated with the valet key 41, a communication module 44 capable of short-range wireless communication, and a rewritable memory 45. The communication module 44 communicates with the mobile terminal 23 and the sharing device 24 through, for example, Bluetooth communication. The operation unit 43 includes an unlock operation unit operated to unlock the vehicle door 13, a lock operation unit operated to lock the vehicle door 13, an engine start permission operation unit operated to permit engine start, and a power operation unit operated to turn the power of the valet key 41 on and off.
The sharing system 21 includes an authority granting unit 48 that grants operation authority for the vehicle 1 from the mobile terminal 23 to the valet key 41. The authority granting unit 48 of this example includes a first authority granting unit 48a provided in the server 22, a second authority granting unit 48b provided in the mobile terminal 23, and a third authority granting unit 48c provided in the valet key 41. When the first authority granting unit 48a generates key information for the mobile terminal 23 (hereinafter, first key information Dk1), it also generates key information for the valet key 41 (hereinafter, second key information Dk2) and transmits the first key information Dk1 and the second key information Dk2 to the mobile terminal 23. When the mobile terminal 23 and the valet key 41 communicate (Bluetooth communication), the second authority granting unit 48b transmits the second key information Dk2 for the valet key 41 to the valet key 41, and the third authority granting unit 48c registers this second key information Dk2 in the valet key 41.
The first key information Dk1 contains data elements such as the "reservation date and time" for using the vehicle 1 with the mobile terminal 23, the "terminal ID" of the mobile terminal 23, and the "user authentication key" used in encrypted communication between the mobile terminal 23 and the sharing device 24. The second key information Dk2 contains data elements such as the "reservation date and time" for using the vehicle 1 with the valet key 41, the "terminal ID" of the valet key 41, and the "user authentication key" used in encrypted communication between the sharing device 24 and the valet key 41.
The sharing system 21 includes a reassignment processing unit 49 that grants the user a new operation authority for the vehicle 1 when the vehicle 1 is returned. The reassignment processing unit 49 includes a first reassignment processing unit 49a provided in the server 22, a second reassignment processing unit 49b provided in the mobile terminal 23, and a third reassignment processing unit 49c provided in the valet key 41. When the vehicle 1 is returned, the reassignment processing unit 49 newly grants to the valet key 41 a return valet key operation authority (drop-off key information Dk3) that is separate from the valet key operation authority (second key information Dk2) already registered in the mobile terminal 23.
Next, the operation and effects of the sharing system 21 of this embodiment will be described with reference to FIGS. 5 to 14.
As shown in FIG. 5(a), assume that the user who borrowed the vehicle 1 arrives at the destination and drops off the vehicle 1. In this case, the user hands the vehicle 1 and the valet key 41 to a serviceman or the like and performs the return process. At this time, as shown in FIG. 5(b), because the vehicle 1 was in use by the user until arrival at the destination, the first key information Dk1 and the second key information Dk2 are already registered in the memory 52 of the server 22 and in the memories 30 and 37 of the mobile terminal 23 and the sharing device 24, respectively. The valet key 41, on the other hand, has not been granted operation authority for the vehicle 1, and neither the first key information Dk1 nor the second key information Dk2 is written in the memory 45.
FIG. 6 is a flowchart showing the procedure when the legitimate user who borrowed the vehicle 1 arrives at the destination and performs the return process for the vehicle 1 (the use case shown in FIG. 5). As shown in the figure, in step 301, when a return operation for the vehicle 1 is performed on the mobile terminal 23 while it is connected to the sharing device 24, the mobile terminal 23 transmits a return notification to that effect to the sharing device 24. The return operation for the vehicle 1 is preferably, for example, an operation of displaying a return button on the screen of the mobile terminal 23 and tapping it.
In step 302, when the sharing device 24 receives the return notification from the mobile terminal 23, it turns off the key function. That is, the key function that had been on in the sharing device 24 until then is switched off.
In step 303, when the key function has been turned off, the sharing device 24 transmits a return response to the mobile terminal 23.
In step 304, after the key function is turned off, the mobile terminal 23 and the sharing device 24 disconnect the communication between them. Thereafter, the sharing device 24 shifts to a state of transmitting advertising packets (hereinafter, "advertisements").
In step 305, the server 22 (first reassignment processing unit 49a) and the mobile terminal 23 (second reassignment processing unit 49b) execute the return process for the key information Dk (first key information Dk1 and second key information Dk2) registered in the mobile terminal 23. The return process for the key information Dk (first key information Dk1 and second key information Dk2) is started by, for example, connecting the mobile terminal 23 to the server 22 and transmitting a return start request from the mobile terminal 23 to the server 22.
In step 306, when the server 22 (first reassignment processing unit 49a) receives the return start request from the mobile terminal 23, it checks the mobile terminal 23 that sent the return start request and, if it can recognize that terminal as a mobile terminal 23 to which the vehicle is currently lent, transmits a return permission to the mobile terminal 23.
In step 307, when the mobile terminal 23 (second reassignment processing unit 49b) receives the return permission from the server 22, it erases the key information Dk (first key information Dk1 and second key information Dk2) written in the memory 30 of the mobile terminal 23. That is, the first key information Dk1 and the second key information Dk2 acquired at the time of vehicle reservation are erased from the memory 30.
In step 308, the mobile terminal 23 (second reassignment processing unit 49b) accepts input of a drop-off rental reservation as a temporary reservation to use the vehicle 1 after the key information has been returned. The drop-off rental reservation procedure is, for example, the same process as the user authentication performed at the time of the vehicle reservation described above; for example, a user ID, a password, and the vehicle to be used are entered. After the required items are entered, the return rental reservation button on the screen of the mobile terminal 23 is tapped.
In step 309, the mobile terminal 23 (second reassignment processing unit 49b) transmits the input data for the drop-off rental reservation to the server 22. The server 22 executes user authentication based on the input data for the drop-off rental reservation received from the mobile terminal 23. The server 22 (first reassignment processing unit 49a) continues the process if user authentication is established and forcibly terminates the process if user authentication is not established.
In step 310, the server 22 (first reassignment processing unit 49a) generates the drop-off key information Dk3 needed to permit temporary use of the vehicle after it has been returned. The drop-off key information Dk3 is built from the same kinds of data elements as the first key information Dk1 and the second key information Dk2. The drop-off key information Dk3 is information whose elements include the "use time" for temporary use of the vehicle 1 with the valet key 41, the "terminal ID" of the valet key 41, and the "user authentication key" used in encrypted communication between the sharing device 24 and the valet key 41 (separate from the one contained in the second key information Dk2).
In step 311, the server 22 (first reassignment processing unit 49a) transmits the generated drop-off key information Dk3 to the mobile terminal 23.
In step 312, when the mobile terminal 23 (second reassignment processing unit 49b) receives the drop-off key information Dk3 from the server 22, it writes and stores the drop-off key information Dk3 in the memory 30. In this way, the mobile terminal 23 ends up with the drop-off key information Dk3 registered in place of the first key information Dk1 and the second key information Dk2 that were registered at the time of vehicle reservation.
FIG. 7 is a flowchart showing the procedure for granting the drop-off key information Dk3 from the mobile terminal 23 to the valet key 41 as the "return valet key operation authority". As shown in the figure, in step 401, the valet key 41 starts transmitting Bluetooth advertisements in response to, for example, an operation of the operation unit 43 (an operation of the power operation unit). The operation at this time is preferably, for example, a long press of the power operation unit.
In step 402, the mobile terminal 23 and the valet key 41 establish a Bluetooth (BLE) connection. In this case, for example, when the mobile terminal 23 returns a connect request in response to the advertisement of the valet key 41 and the valet key 41 receives this connect request, the connection is established.
In step 403, when the connection with the mobile terminal 23 is established, the valet key 41 (third reassignment processing unit 49c) transmits to the mobile terminal 23 a challenge request asking it to send a challenge code.
In step 404, upon receiving the challenge request from the valet key 41, the mobile terminal 23 (second reassignment processing unit 49b) transmits to the valet key 41 a challenge code used for challenge-response authentication.
In step 405, upon receiving the challenge code from the mobile terminal 23, the valet key 41 (third reassignment processing unit 49c) generates a response code using its own encryption key. The valet key 41 (third reassignment processing unit 49c) then transmits the generated response code to the mobile terminal 23.
In step 406, upon receiving the response code from the valet key 41, the mobile terminal 23 (second reassignment processing unit 49b) performs response verification by comparing it with the response code that it obtains itself through the same calculation. If the response code calculated by the mobile terminal 23 matches the response code calculated by the valet key 41, response verification succeeds and the process continues. If the response codes do not match, response verification fails and the process is forcibly terminated.
In step 407, when response verification succeeds, the mobile terminal 23 (second reassignment processing unit 49b) transmits the drop-off key information Dk3 that it generated to the valet key 41. That is, the mobile terminal 23 (second reassignment processing unit 49b) permits temporary use of the vehicle 1 by granting the drop-off key information Dk3 to the valet key 41. This drop-off key information Dk3 can be used only with the valet key 41.
In step 408, upon receiving the drop-off key information Dk3 from the mobile terminal 23, the valet key 41 (third reassignment processing unit 49c) writes it into the memory 45. The valet key 41 can then be used temporarily as a vehicle key.
In step 409, when writing of the drop-off key information Dk3 to the memory 45 is complete, the valet key 41 (third reassignment processing unit 49c) transmits a reception response to the mobile terminal 23 to notify it of this.
In step 410, the mobile terminal 23 and the valet key 41 disconnect the (Bluetooth) connection. This ends communication between the mobile terminal 23 and the valet key 41.
In step 411, once it has finished transmitting the drop-off key information Dk3 to the valet key 41, the mobile terminal 23 (second reassignment processing unit 49b) erases the information in the memory 30. That is, all key information Dk is erased from the memory 30 of the mobile terminal 23, and the vehicle can no longer be operated with the mobile terminal 23.
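The FIG. 7 handover (steps 403 to 411) sketched in Python as an added example; it is not code from the patent. The patent does not name the response calculation, so HMAC-SHA256 over a key shared by the mobile terminal and the valet key is assumed, and all class and method names are hypothetical.

```python
import hashlib
import hmac
import secrets


class ValetKey:
    """Valet key 41. `device_key` models "its own encryption key" (assumed symmetric)."""

    def __init__(self, device_key: bytes):
        self._device_key = device_key
        self.memory = {}  # stands in for memory 45

    def respond(self, challenge: bytes) -> bytes:
        # Step 405: response code computed from the challenge and the device key.
        return hmac.new(self._device_key, challenge, hashlib.sha256).digest()

    def store(self, key_info: bytes) -> str:
        # Steps 408-409: write Dk3, then acknowledge.
        self.memory["Dk3"] = key_info
        return "stored"


class MobileTerminal:
    """Mobile terminal 23 holding Dk3 in memory 30 until it is handed over."""

    def __init__(self, valet_device_key: bytes, key_info: bytes):
        self._valet_device_key = valet_device_key
        self.memory = {"Dk3": key_info}
        self._pending = None

    def new_challenge(self) -> bytes:
        # Step 404: a fresh random challenge per attempt defeats replayed responses.
        self._pending = secrets.token_bytes(16)
        return self._pending

    def verify(self, response: bytes) -> bool:
        # Step 406: recompute the response and compare in constant time.
        challenge, self._pending = self._pending, None  # a challenge is single use
        if challenge is None:
            return False
        expected = hmac.new(self._valet_device_key, challenge, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)

    def hand_over(self, valet_key: ValetKey) -> bool:
        challenge = self.new_challenge()
        if not self.verify(valet_key.respond(challenge)):
            return False  # forced termination: Dk3 never leaves the terminal
        if valet_key.store(self.memory["Dk3"]) != "stored":  # steps 407-409
            return False
        self.memory.clear()  # step 411: the terminal can no longer operate the vehicle
        return True


if __name__ == "__main__":
    shared = secrets.token_bytes(32)  # constructed sample key
    terminal = MobileTerminal(shared, b"constructed-Dk3-blob")
    print("genuine valet key:", terminal.hand_over(ValetKey(shared)))
    terminal = MobileTerminal(shared, b"constructed-Dk3-blob")
    print("unknown device:", terminal.hand_over(ValetKey(secrets.token_bytes(32))))
```
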
FIG. 8 is a flowchart showing the procedure when the valet parking service is used. In step 501, the sharing device 24 transmits advertisements periodically. In this example, advertisement transmission has continued since the key function of the sharing device 24 was turned off.
In step 502, the sharing device 24 and the valet key 41 establish a Bluetooth (BLE) connection. In this case, for example, when the valet key 41 returns a connect request in response to the advertisement of the sharing device 24 and the sharing device 24 receives this connect request, the connection is established.
In step 503, the sharing device 24 transmits to the valet key 41 a key information request asking it to report the key information Dk.
In step 504, upon receiving the key information request from the sharing device 24, the valet key 41 transmits to the sharing device 24 the drop-off key information Dk3 registered in the valet key 41 and the terminal ID, which is the unique ID of the valet key 41.
In step 505, the sharing device 24 executes terminal ID authentication to authenticate the terminal ID of the valet key 41 with which it is currently communicating. Terminal ID authentication compares the terminal ID obtained by decrypting the drop-off key information Dk3 in the sharing device 24 with the terminal ID received directly from the valet key 41. If terminal ID authentication succeeds, the process continues; if it fails, the process is forcibly terminated.
In step 506, the sharing device 24 executes reservation time verification to confirm whether the reservation time reported by the valet key 41 is valid. Reservation time verification compares the reservation date and time obtained by decrypting the drop-off key information Dk3 in the sharing device 24 with the current time of the timer unit 38. If reservation time verification succeeds, the process continues; if it fails, the process is forcibly terminated.
In step 507, when both terminal ID authentication and reservation time verification succeed, the sharing device 24 writes the drop-off key information Dk3 to the memory 37. In this example, in addition to the drop-off key information Dk3 and the terminal ID for the valet key 41, the user authentication key calculated from the drop-off key information Dk3 is also written to the memory 37.
In step 508, when writing of the information to the memory 37 is complete, the sharing device 24 notifies the valet key 41 of the user authentication key obtained by calculation. Upon receiving the user authentication key from the sharing device 24, the valet key 41 writes and stores it in the memory 45. This enables encrypted communication using the user authentication key between the sharing device 24 and the valet key 41.
In step 509, once the user authentication key has been written, the valet key 41 transmits a key-on request to the sharing device 24.
In step 510, upon receiving the key-on request from the valet key 41, the sharing device 24 turns on its key function. The sharing device 24 can then perform smart communication (smart verification) through the electronic key system 4.
In step 511, when the key function has been switched on, the sharing device 24 transmits a key-on notification to the valet key 41 to report this. The valet key 41 thereby recognizes that the key function of the sharing device 24 has been turned on. The service person then starts the engine 6 of the vehicle 1 using the valet key 41 and parks the vehicle 1 at a predetermined position.
FIG. 9 is a flowchart showing the procedure for automatically erasing the drop-off key information Dk3 of the valet key 41. In step 601, after a certain time has elapsed since the drop-off key information Dk3 was granted to the valet key 41, the valet key 41 (third reassignment processing unit 49c) disconnects communication with the sharing device 24 regardless of the connection state.
In step 602, the valet key 41 (third reassignment processing unit 49c) erases the information in the memory 45. That is, the drop-off key information Dk3, the user authentication key and the like written in the memory 45 of the valet key 41 are erased from the memory 45. The valet key 41 can then no longer be used.
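The sharing device's checks in FIG. 8 (steps 504 to 508) and the timed erase of FIG. 9, as an added Python example rather than code from the patent. Assumptions: the key information is modelled as an HMAC-authenticated JSON blob instead of the encrypted form the text describes, the user authentication key is derived with HMAC, one-time use is enforced with a serial number, and all names and the erase interval are hypothetical.

```python
import hashlib
import hmac
import json
import secrets


class Clock:
    """Settable clock in seconds, standing in for timer unit 38."""

    def __init__(self, now: int):
        self.now = now


def issue_key_info(server_key: bytes, terminal_id: str, start: int, end: int) -> bytes:
    """Server 22: bind terminal ID and use window into one authenticated blob."""
    body = json.dumps({"terminal_id": terminal_id, "start": start, "end": end,
                       "serial": secrets.token_hex(8)}, sort_keys=True).encode()
    return hmac.new(server_key, body, hashlib.sha256).digest() + body


class ValetKey:
    def __init__(self, terminal_id: str, clock: Clock, ttl: int):
        self.terminal_id, self._clock, self._ttl = terminal_id, clock, ttl
        self.memory = {}  # stands in for memory 45
        self._granted_at = None

    def grant(self, key_info: bytes) -> None:
        self.memory = {"Dk3": key_info}
        self._granted_at = self._clock.now

    def expire_if_due(self) -> None:
        # Steps 601-602: erase everything once the fixed interval has passed.
        if self.memory and self._clock.now - self._granted_at >= self._ttl:
            self.memory.clear()

    def answer_key_info_request(self):
        # Step 504: report Dk3 plus the key's own terminal ID, if still held.
        self.expire_if_due()
        if "Dk3" not in self.memory:
            return None
        return self.memory["Dk3"], self.terminal_id


class SharingDevice:
    def __init__(self, server_key: bytes, clock: Clock):
        self._key, self._clock = server_key, clock
        self._used_serials = set()
        self.memory = {}  # stands in for memory 37

    def present(self, key_info: bytes, claimed_terminal_id: str):
        """Steps 505-508. Returns (status, user authentication key or None)."""
        tag, body = key_info[:32], key_info[32:]
        expected = hmac.new(self._key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return "bad-tag", None  # not issued by the server, or altered
        info = json.loads(body)
        if info["terminal_id"] != claimed_terminal_id:  # step 505
            return "terminal-id-mismatch", None
        if not info["start"] <= self._clock.now < info["end"]:  # step 506
            return "outside-reservation", None
        if info["serial"] in self._used_serials:  # one-time key (assumed mechanism)
            return "already-used", None
        self._used_serials.add(info["serial"])
        user_auth_key = hmac.new(self._key, b"user-auth|" + key_info,
                                 hashlib.sha256).digest()
        self.memory = {"key_info": key_info, "terminal_id": claimed_terminal_id,
                       "user_auth_key": user_auth_key}  # step 507
        return "ok", user_auth_key  # step 508: reported back to the valet key


if __name__ == "__main__":
    clock, server_key = Clock(1_000), secrets.token_bytes(32)  # constructed values
    device = SharingDevice(server_key, clock)
    valet = ValetKey("VK-41", clock, ttl=600)
    valet.grant(issue_key_info(server_key, "VK-41", start=900, end=2_000))
    blob, terminal_id = valet.answer_key_info_request()
    print("first use:", device.present(blob, terminal_id)[0])
    print("same blob again:", device.present(blob, terminal_id)[0])
    clock.now = 1_600
    print("after erase interval:", valet.answer_key_info_request())
```
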
Suppose that, as shown in FIG. 10(a), another user newly reserves the vehicle 1. In this case, for example, a service person unlocks the vehicle door with the valet key 41, starts the engine 6 and brings the vehicle 1 to the other user. The service person then carries out the lending procedure for the vehicle 1 with the other user, and the other user receives the vehicle 1 and the valet key 41. At this time, as shown in FIG. 10(b), because the other user is making a new reservation for the vehicle 1, the first key information Dk1 and the second key information Dk2 are not registered in any of the memories 30, 37, 45, 52 of the server 22, the mobile terminal 23 and the sharing device 24.
FIG. 11 is a flowchart showing the procedure when the other user reserves use of the vehicle 1 with their own mobile terminal 23. In step 701, when the user carries out the usage procedure for the vehicle 1 on the mobile terminal 23, the mobile terminal 23 acquires the user data entered during the usage procedure. In this usage procedure, as described above, a user ID, a password, the date and time of use of the vehicle 1 and the like are entered. The mobile terminal 23 transmits the user data acquired through the usage procedure to the server 22. At this time, the mobile terminal 23 also transmits the terminal ID of the mobile terminal 23 and the terminal ID of the valet key 41 as user data.
In step 702, upon receiving the user data from the mobile terminal 23, the server 22 (first authority granting unit 48a) generates key information Dk. At this time, the server 22 (first authority granting unit 48a) generates not only new first key information to be issued to the mobile terminal 23 (hereinafter, new first key information Dk1') but also new second key information to be issued to the valet key 41 (hereinafter, new second key information Dk2'). The server 22 (first authority granting unit 48a) transmits the generated new first key information Dk1' and new second key information Dk2' to the mobile terminal 23. The new first key information Dk1' and the new second key information Dk2' each contain a different user authentication key.
In step 703, upon receiving the new first key information Dk1' and the new second key information Dk2' from the server 22, the mobile terminal 23 (second authority granting unit 48b) writes and stores them in the memory 30. The new first key information Dk1' and the new second key information Dk2' are thus registered in the other user's mobile terminal 23.
FIG. 12 is a flowchart showing the procedure for granting the "operation authority" for the vehicle 1 (new second key information Dk2') from the other user's mobile terminal 23 to the valet key 41. As shown in FIG. 12, in step 801, the valet key 41 switches to the power-on state, triggered for example by an operation of the operation unit 43. The power-on operation is preferably, for example, an operation of the power operation unit of the valet key 41.
In step 802, when it switches to power-on, the valet key 41 starts transmitting Bluetooth advertisements.
In step 803, the mobile terminal 23 accepts an operation selecting the valet key 41 to which the Bluetooth connection is to be made. That is, the Bluetooth connection destination is selected on the other user's mobile terminal 23.
In step 804, the mobile terminal 23 and the valet key 41 establish a Bluetooth (BLE) connection. In this case, for example, the connection is established once an advertisement and a connect request have been exchanged.
In step 805, when the connection with the mobile terminal 23 is established, the valet key 41 (third authority granting unit 48c) transmits to the mobile terminal 23 a challenge request asking it to send a challenge code.
In step 806, upon receiving the challenge request from the valet key 41, the mobile terminal 23 (second authority granting unit 48b) transmits to the valet key 41 a challenge code used for challenge-response authentication.
In step 807, upon receiving the challenge code from the mobile terminal 23, the valet key 41 (third authority granting unit 48c) generates a response code using its own encryption key. The valet key 41 (third authority granting unit 48c) then transmits the generated response code to the mobile terminal 23.
In step 808, upon receiving the response code from the valet key 41, the mobile terminal 23 (second authority granting unit 48b) performs response verification by comparing it with the response code that it obtains itself through the same calculation. If the response code calculated by the mobile terminal 23 matches the response code calculated by the valet key 41, response verification succeeds and the process continues. If the response codes do not match, response verification fails and the process is forcibly terminated.
In step 809, when response verification succeeds, the mobile terminal 23 (second authority granting unit 48b) transmits to the valet key 41 the new second key information Dk2' for the valet key 41 that is registered in the mobile terminal. That is, the mobile terminal 23 (second authority granting unit 48b) grants the valet key 41 the new second key information Dk2' (valet key operation authority) for operating the vehicle 1 with the valet key 41. This new second key information Dk2' can be used only with the valet key 41.
In step 810, upon receiving the new second key information Dk2' from the mobile terminal 23, the valet key 41 (third authority granting unit 48c) writes it into the memory 45. The valet key 41 can then be used as a vehicle key.
In step 811, the mobile terminal 23 (second authority granting unit 48b) sets the other user's mobile terminal 23 to the valet key valid mode. When the mobile terminal 23 is in the valet key valid mode, it is itself in an "unavailable" state in which it cannot be used as a vehicle key.
In step 812, the mobile terminal 23 and the valet key 41 disconnect the (Bluetooth) connection. This ends communication between the mobile terminal 23 and the valet key 41. The service person then starts the engine 6 of the vehicle 1 using the valet key 41 and delivers the vehicle 1 to a predetermined position. The operation for actuating the vehicle 1 with the valet key 41 is the same as steps 401 to 411 in FIG. 7, so its description is omitted here.
FIG. 13 is a flowchart showing the procedure for invalidating the "operation authority" (new second key information Dk2') granted from the mobile terminal 23 to the valet key 41. In FIG. 13, steps 901 to 904 are the same processing as steps 801 to 804 described above (see FIG. 12), so their description is omitted.
In step 905, when the user performs an operation on the mobile terminal 23 to invalidate the operation authority of the valet key 41, the mobile terminal 23 (second authority granting unit 48b) accepts this operation authority invalidation request. In this example, the invalidation operation for the operation authority of the valet key 41 is preferably performed by, for example, displaying an invalidation request button on the screen of the mobile terminal 23 and selecting that button.
In step 906, when the operation authority invalidation request operation has been performed on the mobile terminal 23, the mobile terminal 23 (second authority granting unit 48b) transmits a challenge code.
In step 907, upon receiving the challenge code from the mobile terminal 23, the valet key 41 (third authority granting unit 48c) generates a response code using its own encryption key. The valet key 41 (third authority granting unit 48c) then transmits the generated response code to the mobile terminal 23.
In step 908, upon receiving the response code from the valet key 41, the mobile terminal 23 (second authority granting unit 48b) performs response verification by comparing it with the response code that it obtains itself through the same calculation. If the response code calculated by the mobile terminal 23 matches the response code calculated by the valet key 41, response verification succeeds and the process continues. If the response codes do not match, response verification fails and the process is forcibly terminated.
In step 909, when response verification succeeds, the mobile terminal 23 (second authority granting unit 48b) transmits an invalidation request to invalidate the operation authority granted to the valet key 41.
In step 511, upon receiving the invalidation request from the mobile terminal 23, the valet key 41 (third authority granting unit 48c) invalidates the operation authority for the vehicle 1. In this example, the new second key information Dk2' (user authentication key) written in the memory 45 of the valet key 41 is erased. The vehicle 1 can then no longer be operated with the valet key 41.
In step 911, the mobile terminal 23 and the valet key 41 disconnect the (Bluetooth) connection. This ends communication between the mobile terminal 23 and the valet key 41.
In step 912, the valet key 41 turns off its power. The valet key 41 thereby shifts to the standby state.
FIG. 14 is a flowchart showing the procedure for user authentication between the mobile terminal 23 and the sharing device 24. This procedure is carried out when the other user uses the vehicle 1 with their own mobile terminal 23.
In step 1001, the mobile terminal 23 and the sharing device 24 establish a Bluetooth (BLE) connection. In this case, for example, when the mobile terminal 23 returns a connect request in response to the advertisement of the sharing device 24 and the sharing device 24 receives this connect request, the connection is established.
In step 1002, the sharing device 24 transmits to the valet key 41 a key information request asking it to report the key information Dk.
In step 1003, upon receiving the key information request from the sharing device 24, the mobile terminal 23 transmits to the sharing device 24 the new first key information Dk1' registered in the mobile terminal 23 and the terminal ID, which is the unique ID of the mobile terminal 23.
In step 1004, the sharing device 24 executes terminal ID authentication to authenticate the terminal ID of the mobile terminal 23 with which it is currently communicating. Terminal ID authentication compares the terminal ID obtained by decrypting the new first key information Dk1' in the sharing device 24 with the terminal ID received directly from the mobile terminal 23. If terminal ID authentication succeeds, the process continues; if it fails, the process is forcibly terminated.
In step 1005, the sharing device 24 executes reservation time verification to confirm whether the reservation time reported by the mobile terminal 23 is valid. Reservation time verification compares the reservation date and time obtained by decrypting the new first key information Dk1' in the sharing device 24 with the current time of the timer unit 38. If reservation time verification succeeds, the process continues; if it fails, the process is forcibly terminated.
In step 1006, when both terminal ID authentication and reservation time verification succeed, the sharing device 24 writes the new first key information Dk1' to the memory 37. In this example, in addition to the new first key information Dk1' and the terminal ID of the mobile terminal 23, the user authentication key calculated from the new first key information Dk1' is also written to the memory 37.
Then, in subsequent steps 1007 to 1010, the same processing as in steps 508 to 511 described above is executed, and the key function of the sharing device 24 is turned on. The other user's mobile terminal 23 can thus be used as a vehicle key.
In this example, when the vehicle 1 is returned using the valet key 41, a return valet key operation authority (drop-off key information Dk3), used only at the time of return, is newly granted to the valet key 41 so that the vehicle 1 can be operated with this valet key 41. Because the return valet key operation authority (drop-off key information Dk3) granted at this time is a dedicated authority used only when the vehicle 1 is returned, its content is specialized for the return work. The vehicle 1 can therefore be returned safely using the valet parking service.
When the return valet key operation authority (drop-off key information Dk3) has been granted to the valet key 41 at the time the vehicle 1 is returned, the reassignment processing unit 49 deletes the information in the memory 30 of the mobile terminal 23. The mobile terminal 23 can therefore be left unusable after the vehicle 1 is returned, which is further advantageous for improving security against unauthorized use of the vehicle 1.
When the drop-off key information Dk3 has been granted to the valet key 41, the reassignment processing unit 49 causes the drop-off key information Dk3 granted to the valet key 41 to be erased automatically once a prescribed condition is satisfied (for example, a certain time has elapsed). The drop-off key information Dk3 granted to the valet key 41 when the vehicle 1 was returned can therefore be erased, which is further advantageous for improving security against unauthorized use of the vehicle 1.
The return valet key operation authority (drop-off key information Dk3) granted by the reassignment processing unit 49 is an operation authority that permits use of the vehicle 1 but is not regarded as use of the vehicle 1 by the user. For example, the return valet key operation authority (drop-off key information Dk3) granted by the reassignment processing unit 49 is an operation authority that is not subject to billing for use of the vehicle 1. As a result, once the return valet key operation authority (drop-off key information Dk3) has been re-granted, the user is not affected even if the vehicle 1 is used. Use of the vehicle 1 that the user does not intend is therefore less likely to occur.
The operation authority is the key information Dk used in authentication between the mobile terminal 23 and the sharing device 24, and this key information Dk is a one-time key that can be used only once. A situation in which the key information Dk is used illegitimately to operate the vehicle 1 is therefore unlikely to arise, which is advantageous for improving security against unauthorized use.
The authority grant unit 48 grants to the valet key 41 the second key information Dk2 for the valet key 41, acquired when use of the vehicle 1 was reserved, thereby enabling an authorized user to use the valet key 41 during normal use. As a result, when the vehicle 1 is returned, it suffices to update the second key information Dk2 for the valet key 41, registered in the mobile terminal 23 during the reservation procedure for the vehicle 1, to the drop-off key information Dk3. The operation required of the user when returning the vehicle 1 can therefore be kept simple.
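The key-information lifecycle summarized in the paragraphs above (Dk2 granted for normal use, Dk3 swapped in at return, memory 30 wiped, Dk3 erased once a condition is met) can be modelled as below. This is an added illustration, not code from the patent: the class names, the field layout of the key information, the `issue_drop_off_key` helper and the treatment of Dk and Dk2 as billable are assumptions, and the use-count erase condition goes beyond the elapsed-time example given in the text.

```python
import secrets
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class KeyInfo:
    """Key information Dk; the field layout is assumed for this sketch."""
    kind: str                            # "Dk", "Dk2" or "Dk3"
    billable: bool                       # Dk3 use is not charged to the user
    expires_at: Optional[float] = None   # erase condition: elapsed time
    uses_left: Optional[int] = None      # erase condition: number of uses
    token: str = field(default_factory=lambda: secrets.token_hex(16))


class ValetKey:
    """Stand-in for valet key 41; holds at most one operation authority."""

    def __init__(self):
        self.key_info = None

    def operate(self, now):
        """Return (allowed, billable), erasing the authority when its condition is met."""
        k = self.key_info
        if k is not None and k.expires_at is not None and now >= k.expires_at:
            self.key_info = k = None     # time condition met: automatic erasure
        if k is None:
            return False, False
        if k.uses_left is not None:
            k.uses_left -= 1
            if k.uses_left <= 0:
                self.key_info = None     # use-count condition met
        return True, k.billable


class MobileTerminal:
    """Stand-in for mobile terminal 23 and its memory 30."""

    def __init__(self, dk, dk2):
        self.memory = {"Dk": dk, "Dk2": dk2}   # registered at reservation

    def can_operate(self):
        return "Dk" in self.memory

    def grant_valet_authority(self, valet):
        """Authority grant unit 48: Dk2 enables the valet key in normal use."""
        valet.key_info = self.memory["Dk2"]

    def return_vehicle(self, valet, dk3):
        """Re-grant processing unit 49: replace Dk2 with Dk3, then wipe memory 30."""
        if dk3.token == self.memory["Dk2"].token:
            raise ValueError("Dk3 must differ from the registered Dk2")
        valet.key_info = dk3
        self.memory.clear()


def issue_drop_off_key(now, ttl=None, uses=None):
    """Hypothetical issuer for Dk3; where Dk3 is generated is not modelled."""
    expires = now + ttl if ttl is not None else None
    return KeyInfo("Dk3", billable=False, expires_at=expires, uses_left=uses)
```

Time is passed in explicitly as `now` so the erase condition can be exercised deterministically.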
This embodiment can be modified and implemented as follows. The embodiment and the following modifications can be combined with one another as long as no technical contradiction arises.
・The operation authority granted initially and the operation authority granted when the vehicle 1 is returned are not limited to both being one-time keys (key information Dk); they may be different types of information.
・The content included in the drop-off key information Dk3 need only be information different from the content included in the key information Dk used at the start of use.
・The start of writing the drop-off key information Dk3 to the valet key 41 is not limited to being triggered by a long press of the power operation unit; it may be changed to another form, such as an operation using an operation unit 43 other than the power operation unit.
・The re-granted operation authority may be registered in the valet key 41 in a manner different from that of the operation authority granted to the mobile terminal 23 at the start of use.
・Erasure of the drop-off key information Dk3 is not limited to being conditioned on the elapse of a certain time. The condition may be changed to another parameter, such as the number of uses or the time of day.
・The sharing device 24 may be retrofitted to the vehicle 1 or may be installed in the vehicle 1 in advance.
・The sharing device 24 may be integrated with the verification ECU 9 so that the two form a single unit component.
・The mounting location of the sharing device 24 is not particularly limited.
・The reservation procedure for the vehicle 1 is not limited to being performed with the mobile terminal 23 and may, for example, be performed with the valet key 41.
・The reservation procedure for the vehicle 1 may be performed using only the valet key 41, for example, without going through the mobile terminal 23.
・Authentication between the mobile terminal 23 and the sharing device 24 is not limited to authentication of the key information Dk and can be changed to another method.
・Granting of the operation authority is not limited to a scheme in which the key information Dk is given to the other party; it may be changed to another method, such as a scheme in which a use-permission command is given.
・The short-range wireless communication is not limited to Bluetooth communication and can be changed to another communication scheme.
・The key information Dk is not limited to a one-time key and need only be information whose use is restricted.
・The content included in the key information Dk can be changed to forms other than that of the embodiment.
・The key information Dk is not limited to being generated by the server 22; it may be generated anywhere, as long as it is generated externally.
・The encryption key used for encrypted communication may be any of, for example, the sharing device unique encryption key, the user authentication key, and the electronic key unique encryption key. For example, switching the encryption key used partway through the processing is advantageous for improving the security of the communication. The encryption key used is not limited to the keys mentioned above and may be changed to various others.
・The mobile terminal 23 is not limited to a smartphone and can be changed to various other terminals.
・The mobile terminal 23 and the sharing device 24 may acquire the user authentication key by any procedure or scheme.
・Switching the key function on may be made conditional on anything.
・The authority grant unit 48 and the re-grant processing unit 49 are not limited to being functionally generated by the user interface application 31; they may be generated by another method or may be constructed from hardware elements.
・The hands-free electronic key system 4 is not limited to a system in which transmitters are arranged inside and outside the vehicle and smart verification is performed while determining whether the electronic key 2 is inside or outside the vehicle. For example, it may be a system in which antennas (LF antennas) are arranged on the left and right sides of the vehicle body and the position of the electronic key 2 inside or outside the vehicle is determined by checking the combination of the electronic key 2's responses to the radio waves transmitted from those antennas.
・The ID verification imposed on the electronic key system 4 is not limited to verification that includes challenge-response authentication; it need only perform at least electronic key ID verification and may include any kind of authentication or verification.
・The electronic key system 4 may be, for example, a wireless key system in which ID verification is triggered by communication from the electronic key 2.
・The electronic key 2 is not limited to a Smart Key (registered trademark) and may be a wireless key.
・The verification ECU 9 and the sharing device 24 are not limited to communicating wirelessly and may, for example, be connected by wire. In that case, the sharing device 24 sends its various commands to the verification ECU 9 over the wire. The verification ECU 9 can still be operated by commands from the sharing device 24 in this arrangement.
・The sharing device 24 is not limited to a configuration that uses the electronic key system to operate the shared object 19. In that case, the sharing device 24 sends commands directly to a controller (CPU) that controls operation of the shared object 19, thereby operating the shared object 19. In this configuration, the key function of the sharing device 24 can be omitted.
・The sharing system 21 is not limited to being applied to the vehicle 1 and may be applied to other devices and equipment, such as a house (shared house), a shared parcel delivery box, or a coin-operated parking lot. The shared object 19 is therefore not limited to the vehicle 1 and can be changed to another object.
Next, a technical idea that can be understood from the above embodiment and modifications is described.
(A) A sharing method comprising:
loading key information necessary for using a shared object into a mobile terminal;
authenticating the mobile terminal through communication with a sharing device provided on the shared object, wherein the shared object becomes operable by the mobile terminal when the mobile terminal is authenticated;
granting to a valet key a valet key operation authority that enables operation of the shared object by the valet key; and
when the shared object is returned, newly granting to the valet key a return valet key operation authority different from the valet key operation authority already registered in the mobile terminal.

Claims (4)

  1.  A sharing system comprising:
     a sharing device provided on a shared object;
     a valet key capable of operating the shared object; and
     a mobile terminal that loads key information necessary for using the shared object and becomes able to operate the shared object when authenticated through communication with the sharing device,
    the sharing system further comprising:
     an authority grant unit that grants to the valet key a valet key operation authority enabling operation of the shared object by the valet key; and
     a re-grant processing unit that, when the shared object is returned, newly grants to the valet key a return valet key operation authority different from the valet key operation authority already registered in the mobile terminal.
  2.  The sharing system according to claim 1, wherein the re-grant processing unit deletes the information in the memory of the mobile terminal when it has granted the return valet key operation authority to the valet key at the time the shared object is returned.
  3.  The sharing system according to claim 1 or 2, wherein the re-grant processing unit automatically erases the return valet key operation authority granted to the valet key when a prescribed condition is satisfied.
  4.  The sharing system according to any one of claims 1 to 3, wherein the return valet key operation authority granted by the re-grant processing unit permits use of the shared object but is an operation authority that is not regarded as use of the shared object by the user.
PCT/JP2019/012915 2018-04-18 2019-03-26 Sharing system WO2019202929A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
JP2018080039A JP2019191647A (en) 2018-04-18 2018-04-18 Sharing system
JP2018-080039 2018-04-18

Publications (1)

Publication Number Publication Date
WO2019202929A1 true WO2019202929A1 (en) 2019-10-24

Family

ID=68239566

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2019/012915 WO2019202929A1 (en) 2018-04-18 2019-03-26 Sharing system

Country Status (2)

Country Link
JP (1) JP2019191647A (en)
WO (1) WO2019202929A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115171248A (en) * 2022-06-29 2022-10-11 合众新能源汽车有限公司 Connection method and device based on Bluetooth key and related equipment

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP7389692B2 (en) * 2020-03-23 2023-11-30 株式会社東海理化電機製作所 Vehicle rental system

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2011184962A (en) * 2010-03-09 2011-09-22 Tokai Rika Co Ltd Radio communication system
JP2012067489A (en) * 2010-09-22 2012-04-05 Tokai Rika Co Ltd Electronic key system for vehicle
JP2014227741A (en) * 2013-05-23 2014-12-08 株式会社東海理化電機製作所 Key rank changing system
JP2015031035A (en) * 2013-08-01 2015-02-16 株式会社東海理化電機製作所 Key right lending system
JP2016172472A (en) * 2015-03-16 2016-09-29 カルソニックカンセイ株式会社 Vehicle security system
JP2017225048A (en) * 2016-06-16 2017-12-21 日産自動車株式会社 Control method of on-vehicle device, program, and mobile information terminal device


Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115171248A (en) * 2022-06-29 2022-10-11 合众新能源汽车有限公司 Connection method and device based on Bluetooth key and related equipment
CN115171248B (en) * 2022-06-29 2023-11-17 合众新能源汽车股份有限公司 Bluetooth key-based connection method and device and related equipment

Also Published As

Publication number Publication date
JP2019191647A (en) 2019-10-31


Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 19788306

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 19788306

Country of ref document: EP

Kind code of ref document: A1